vulnerability

Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521)

2026-03-28 at 11:30, by Zeljka Zorz

A critical unauthenticated remote code execution vulnerability (CVE-2025-53521) in F5’s BIG-IP Access Policy Manager (APM) solution is under active exploitation, the US Cybersecurity and Infrastructure Security Agency warned on Friday. CISA added the flaw to its Known Exploited Vulnerabilities […]

TP-Link Patches High-Severity Router Vulnerabilities

2026-03-27 at 13:42, by Ionut Arghire

The security defects could be used to bypass authentication, execute arbitrary commands, and decrypt configuration files.

Source: SecurityWeek

CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation

2026-03-27 at 12:43, by Zeljka Zorz

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2026-33017, a recently disclosed code injection vulnerability in Langflow, an open-source framework for building AI agents and

BIND Updates Patch High-Severity Vulnerabilities

2026-03-26 at 15:52, by Ionut Arghire

Specially crafted domains could be used to cause out-of-memory conditions, leading to memory leaks in the BIND resolvers.

Source: SecurityWeek

Cisco Patches Multiple Vulnerabilities in IOS Software

2026-03-26 at 15:52, by Ionut Arghire

The high- and medium-severity flaws could lead to denial-of-service, secure boot bypass, information disclosure, and privilege escalation.

Source: SecurityWeek

iOS, macOS 26.4 Roll Out With Fresh Security Patches

2026-03-25 at 18:18, by Ionut Arghire

Apple released security fixes for older devices as well, in iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, and macOS Sonoma 14.8.5.

Source: SecurityWeek

Chrome 146 Update Patches High-Severity Vulnerabilities

2026-03-24 at 19:53, by Ionut Arghire

The software refresh fixes eight memory safety bugs affecting seven Chrome components.

Source: SecurityWeek

Critical NetScaler ADC, Gateway flaw may soon be exploited (CVE-2026-3055)

2026-03-24 at 16:13, by Zeljka Zorz

Citrix has fixed two vulnerabilities in NetScaler ADC and NetScaler Gateway, with the more serious flaw (CVE-2026-3055) potentially allowing attackers to extract active session tokens from the memory of affected devices. Anil Shetty, senior VP of Engineering with Cloud

Vulnerabilities from years ago still opening doors for attackers

2026-03-24 at 14:02, by Sinisa Markovic

Exploitation timelines continued to compress in enterprise environments, with newly disclosed flaws reaching active use almost immediately and older weaknesses remaining active years after disclosure. (Source: Cisco Talos) Findings from Cisco Talos’ 2025 Year in Review show how attackers combined

Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn

2026-03-24 at 14:02, by Ionut Arghire

An out-of-bounds read vulnerability can be exploited remotely without authentication to read sensitive information from memory.

Source: SecurityWeek

Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)

2026-03-23 at 13:50, by Zeljka Zorz

Oracle has released an out-of-band patch for a critical and easily exploitable vulnerability (CVE-2026-21992) in Oracle Identity Manager and Oracle Web Services Manager. The company did not say whether the vulnerability has been exploited as a zero-day, but

QNAP Patches Four Vulnerabilities Exploited at Pwn2Own

2026-03-23 at 13:50, by Ionut Arghire

The flaws could allow attackers to access sensitive information, execute code, or cause unexpected behavior.

Source: SecurityWeek

Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability

2026-03-23 at 09:18, by Eduard Kovacs

CVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild.

Source: SecurityWeek

Critical Quest KACE Vulnerability Potentially Exploited in Attacks

2026-03-21 at 13:00, by Eduard Kovacs

The vulnerability is tracked as CVE-2025-32975 and it may have been exploited in attacks against the education sector.

Source: SecurityWeek

Unpatched ScreenConnect servers open to attack (CVE-2026-3564)

2026-03-20 at 11:44, by Zeljka Zorz

ConnectWise has patched a critical vulnerability (CVE-2026-3564) that could enable attackers to hijack ScreenConnect sessions by abusing ASP.NET machine keys to forge trusted authentication.

About CVE-2026-3564

The ScreenConnect remote access platform is popular with managed service providers, IT departments, and technology solution

The Week in Vulnerabilities: Juniper, Cisco SD-WAN, and Critical ICS Exposure

2026-03-20 at 11:15, by Ashish Khaitan

Cyble Research & Intelligence Labs (CRIL) tracked 1,641 vulnerabilities between March 04 and March 10, 2026. Of these, 175 vulnerabilities already have publicly available Proof-of-Concept (PoC) exploits, significantly increasing the likelihood of real-world attacks. A total of 200 vulnerabilities were rated critical under CVSS v3.1, while 61

Critical Langflow Vulnerability Exploited Hours After Public Disclosure

2026-03-20 at 10:42, by Ionut Arghire

Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.

Source: SecurityWeek

Critical ScreenConnect Vulnerability Exposes Machine Keys

2026-03-19 at 22:27, by Ionut Arghire

Latest ScreenConnect version adds encrypted storage and management to prevent unauthorized access to machine keys.

Source: SecurityWeek

Russian APT Exploits Zimbra Vulnerability Against Ukraine

2026-03-19 at 16:53, by Ionut Arghire

Insufficient sanitization of CSS content within HTML emails leads to inline script execution when the message is opened in a browser.

Source: SecurityWeek

CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963)

2026-03-19 at 13:32, by Zeljka Zorz

CVE-2026-20963, a remote code execution (RCE) SharePoint vulnerability Microsoft fixed in January 2026, is being exploited by attackers. The confirmation comes from the US Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities
