VulnHub

Real-time Cybersecurity News

Splunk, Zoom Patch Severe Vulnerabilities

SecurityWeek
PatchUpdateCriticalSplunkVulnerability

Overview

Splunk and Zoom recently addressed serious vulnerabilities in their software that could allow attackers to execute arbitrary shell commands or gain elevated privileges. These flaws are categorized as critical and high-severity, posing significant risks to users and organizations using these platforms. The vulnerabilities could potentially enable unauthorized access and control over systems, which is particularly concerning for businesses that rely on these tools for communication and data analysis. Users are urged to update their software immediately to mitigate these risks. Both companies have released patches to fix the issues, and it’s crucial for affected users to implement these updates as soon as possible.

Key Takeaways

  • Affected Systems: Splunk software, Zoom application
  • Action Required: Patches released by Splunk and Zoom; users should update their software immediately.
  • Timeline: Newly disclosed

Original Article Summary

Critical- and high-severity flaws could be exploited to execute arbitrary shell commands or elevate privileges. The post Splunk, Zoom Patch Severe Vulnerabilities appeared first on SecurityWeek.

Impact

Splunk software, Zoom application

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Newly disclosed

Remediation

Patches released by Splunk and Zoom; users should update their software immediately.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Patch, Update, Critical, and 2 more.

Read Original Article

Related Coverage

Feds Takes Down SocksEscort Proxy Network Used in Global Fraud Schemes

Hackread – Cybersecurity News, Data Breaches, AI and More

Law enforcement agencies in Europe and the United States have successfully dismantled the SocksEscort proxy network, which was built using compromised routers. This network was utilized by cybercriminals for various global fraud schemes, allowing them to mask their online activities. The operation involved cooperation between multiple agencies, highlighting the importance of international collaboration in tackling cybercrime. The disruption of this network is significant as it not only affects the criminals who relied on it but also aims to protect individuals and businesses from the fallout of these fraudulent activities. This incident serves as a reminder of the ongoing threat posed by cybercriminals using compromised infrastructure to conduct illegal operations.

Mar 12, 2026

Iran-linked group claims wiper attack and takedown of medical device maker Stryker

SCM feed for Latest

An Iranian-linked group has claimed responsibility for a wiper attack that targeted the medical device manufacturer Stryker, marking a significant escalation in cyberattacks against U.S. companies since the onset of the Iran conflict on February 28. Wiper malware is designed to erase data and disrupt operations, posing serious risks to critical healthcare infrastructure. Stryker, known for its surgical and medical devices, may face operational challenges as a result of this incident. This attack underscores the increasing use of cyber warfare tactics in geopolitical conflicts, raising concerns about the security of other companies in the healthcare sector and beyond. Organizations are urged to bolster their cybersecurity measures to defend against similar threats.

Mar 12, 2026

Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays

The Hacker News

A new banking malware known as VENON has been discovered, targeting 33 banks in Brazil. This malware is notable for being written in Rust, which differentiates it from other prevalent malware in the region that typically uses Delphi. It specifically aims to steal user credentials by infecting Windows systems. Researchers first identified VENON last month, raising concerns about its potential impact on Brazilian banking customers. This malware represents an evolving threat in the Latin American cybercrime landscape, and users should be vigilant about their online security.

Mar 12, 2026

Hackers Use Cloudflare Human Check to Hide Microsoft 365 Phishing Pages

Hackread – Cybersecurity News, Data Breaches, AI and More

Scammers are exploiting security features from Cloudflare to mask fraudulent Microsoft 365 login pages, making it harder for users to identify phishing attempts. This tactic allows attackers to evade detection by antivirus software and security systems, putting sensitive information at risk. Users of Microsoft 365 should be particularly cautious, as these phishing pages can look very convincing and lead to credential theft. The situation emphasizes the need for individuals and organizations to remain vigilant about email security and to double-check URLs before entering personal information. Cybersecurity experts are urging users to enable multi-factor authentication to add an extra layer of protection against such scams.

Mar 12, 2026

Veeam warns of critical flaws exposing backup servers to RCE attacks

BleepingComputer

Veeam Software has issued patches for serious vulnerabilities in its Backup & Replication solution, including four critical remote code execution (RCE) flaws. These vulnerabilities could allow attackers to execute malicious code on affected backup servers, potentially leading to data breaches or system takeovers. Organizations using Veeam's software should prioritize applying these patches to safeguard their systems. The risks are particularly concerning for companies that rely on Veeam for data protection, as failing to address these vulnerabilities could leave sensitive data exposed. This incident serves as a reminder for all users of backup solutions to stay vigilant and ensure their software is up to date.

Mar 12, 2026

Authorities takedown global proxy network SocksEscort

CyberScoop

Authorities have dismantled a global proxy network known as SocksEscort, which had compromised routers and Internet of Things (IoT) devices across 163 countries. This botnet reportedly affected around 369,000 victims and generated approximately $5.8 million in revenue for its cybercriminal operators. The operation's scale demonstrates how widespread such threats can be, as compromised devices can facilitate various cybercrimes, including unauthorized access and data theft. The takedown is a significant step in combating the growing issue of botnets, which can put both individuals and organizations at risk. Users are advised to secure their devices and ensure they are not part of such networks.

Mar 12, 2026