vulnerability

Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover

Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover 2026-05-08 at 11:42 By Ionut Arghire Lax extension permissions and improper trust implementation allow attackers to inject prompts in the Claude Chrome extension. The post Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover appeared first on SecurityWeek. This article is an […]

Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover Read More »

Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks

Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks 2026-05-08 at 11:42 By Eduard Kovacs CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code. The post Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks Read More »

One keypress is all it takes to compromise four AI coding tools

One keypress is all it takes to compromise four AI coding tools 2026-05-08 at 01:14 By Mirko Zorz Developers clone unfamiliar repositories all the time. Open-source projects, work from teammates, sample code from a tutorial, a library someone recommended on a forum. The convention is old and reasonable: you look at what’s inside before you

One keypress is all it takes to compromise four AI coding tools Read More »

Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack

Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack 2026-05-07 at 14:33 By Ionut Arghire Attackers could inject prompts into a GitHub issue and take over the AI agent designed to automatically triage the issue. The post Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack appeared first on

Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack Read More »

Cisco Patches High-Severity Vulnerabilities in Enterprise Products

Cisco Patches High-Severity Vulnerabilities in Enterprise Products 2026-05-07 at 14:33 By Ionut Arghire Successful exploitation of the flaws could lead to code execution, server-side request forgery attacks, and denial-of-service conditions. The post Cisco Patches High-Severity Vulnerabilities in Enterprise Products appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Cisco Patches High-Severity Vulnerabilities in Enterprise Products Read More »

Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls

Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls 2026-05-06 at 09:24 By Eduard Kovacs CVE-2026-0300 affects the Captive Portal service of PAN-OS software on PA and VM series firewalls. The post Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls Read More »

Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft

Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft 2026-05-05 at 17:46 By Ionut Arghire Dubbed Bleeding Llama, the heap out-of-bounds read issue can be exploited remotely, without authentication. The post Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft Read More »

Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server

Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server 2026-05-05 at 17:46 By Ionut Arghire The most severe of these security defects could allow remote attackers to execute arbitrary code. The post Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server Read More »

Critical Remote Code Execution Vulnerability Patched in Android

Critical Remote Code Execution Vulnerability Patched in Android 2026-05-05 at 17:46 By Eduard Kovacs CVE-2026-0073 affects Android’s System component and it can be exploited without any user interaction.  The post Critical Remote Code Execution Vulnerability Patched in Android appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical Remote Code Execution Vulnerability Patched in Android Read More »

MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs

MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs 2026-05-05 at 13:20 By Ionut Arghire The security defects allow unauthenticated, remote attackers to execute arbitrary code through crafted requests. The post MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs Read More »

WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities

WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities 2026-05-05 at 13:20 By Eduard Kovacs The vulnerabilities were reported to Meta through its bug bounty program and were patched with updates released earlier this year. The post WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities Read More »

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) 2026-05-04 at 18:59 By Zeljka Zorz Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerabilities were reported privately by Airbus researchers and there’s

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) Read More »

Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge

Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge 2026-05-01 at 18:20 By Eduard Kovacs The maximum reward for a zero-click Pixel Titan M exploit with persistence has increased to $1.5 million. The post Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge appeared first

Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge Read More »

SonicWall Urges Immediate Patching of Firewall Vulnerabilities

SonicWall Urges Immediate Patching of Firewall Vulnerabilities 2026-04-30 at 18:18 By Ionut Arghire The bugs could be exploited to bypass security controls, access restricted services, and crash firewalls. The post SonicWall Urges Immediate Patching of Firewall Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

SonicWall Urges Immediate Patching of Firewall Vulnerabilities Read More »

The Week in Vulnerabilities: GitHub Enterprise, Argo CD, Oracle Identity Manager, and Mozilla Security Flaws

The Week in Vulnerabilities: GitHub Enterprise, Argo CD, Oracle Identity Manager, and Mozilla Security Flaws 2026-04-30 at 16:45 By Ashish Khaitan The latest weekly vulnerability Insights report to clients by Cyble provides a detailed view of vulnerabilities tracked between April 15, 2026, and April 21, 2026. The findings highlight a slight dip in overall disclosures compared to the previous week, but the persistence

The Week in Vulnerabilities: GitHub Enterprise, Argo CD, Oracle Identity Manager, and Mozilla Security Flaws Read More »

Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks

Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks 2026-04-30 at 16:02 By Eduard Kovacs An attacker could have planted a malicious configuration to execute commands outside the sandbox. The post Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks Read More »

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) 2026-04-30 at 15:31 By Zeljka Zorz Security researchers at Theori have disclosed a high-severity local privilege escalation (LPE) vulnerability (CVE-2026-31431) in the Linux kernel. The flaw, nicknamed “Copy Fail”, has affected virtually every major Linux distribution shipped since 2017, and a working proof-of-concept (PoC) exploit

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) Read More »

EnOcean SmartServer Flaws Expose Buildings to Remote Hacking

EnOcean SmartServer Flaws Expose Buildings to Remote Hacking 2026-04-30 at 15:31 By Eduard Kovacs Claroty researchers discovered two vulnerabilities that can be exploited for security bypass and remote code execution. The post EnOcean SmartServer Flaws Expose Buildings to Remote Hacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

EnOcean SmartServer Flaws Expose Buildings to Remote Hacking Read More »

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months 2026-04-30 at 14:51 By Ionut Arghire The authentication bypass flaw allows attackers to gain administrative access to vulnerable servers. The post Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months Read More »

Scroll to Top