Researchers have discovered that nearly a dozen UEFI shim bootloaders, which were deemed vulnerable and subsequently revoked, remained trusted for years. This oversight allowed attackers an opportunity to bypass the Secure Boot feature designed to protect systems from unauthorized software. The situation raises significant security concerns, particularly for users and organizations relying on Secure Boot to safeguard their devices. The affected bootloaders could have been exploited to run malicious code, potentially compromising the integrity of the systems. As this issue has persisted for some time, it highlights the need for better management of trusted software components in the boot process.
Articles tagged "Vulnerability"
Found 928 articles
A recently discovered vulnerability in Cursor allows attackers to execute arbitrary code on users' systems without their consent. By creating a malicious repository containing a 'git.exe' file in the project root, attackers can exploit this flaw, which Cursor executes automatically when the repository is accessed. This puts users at significant risk, especially those who frequently interact with repositories from untrusted sources or do not have adequate security measures in place. As there is currently no patch available to fix this issue, users should be cautious when using Cursor and consider limiting their exposure to potentially harmful repositories. This vulnerability serves as a reminder of the importance of maintaining security hygiene in software development environments.
The Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to quickly address three vulnerabilities in SharePoint that are currently being exploited by attackers. Among these, two have been identified as zero-days, meaning they are actively targeted before a patch was made available. This situation poses significant risks to users of SharePoint, as attackers could gain unauthorized access to sensitive data or disrupt operations. Organizations that use SharePoint are advised to prioritize patching these vulnerabilities to protect their systems and data from potential breaches. Immediate action is crucial to mitigate the risks associated with these exploits.
A new AI-powered system has been developed to automatically find complex software vulnerabilities, referred to as a 'vulnerability vending machine.' This system utilizes code slicing alongside large language models (LLMs) to discover previously unknown security flaws. Recently, it successfully identified and exploited a zero-day vulnerability in a WordPress plugin, which had not been publicly known before. The company behind this technology is also working on additional vulnerabilities that are currently under responsible disclosure, meaning they are notifying affected parties before making the details public. This development raises concerns about the ease of finding and exploiting software vulnerabilities, potentially putting many users and systems at risk if such tools become widely accessible.
The Hacker News
Mozilla has rolled out updates for Firefox to fix two serious vulnerabilities that could be exploited by attackers. The flaws, identified as CVE-2026-15718 and CVE-2026-15719, involve issues with JavaScript: WebAssembly and site isolation in the DOM: Navigation component. Mozilla has warned users that exploit code for these vulnerabilities is already available publicly, increasing the urgency for users to update. It’s crucial for Firefox users to install these updates promptly to protect against potential attacks that could compromise their security and privacy. Keeping software up to date is a key defense against such risks.
Hackread – Cybersecurity News, Data Breaches, AI and More
A vulnerability in Claude Desktop has been discovered that allows attackers to submit hidden prompts with just one click. This flaw could lead to unauthorized access to chat conversations and even enable remote code execution on vulnerable systems. Users of Claude Desktop should be particularly cautious, as this could impact the integrity and confidentiality of their data. The ease of exploitation raises concerns about the potential for widespread misuse. It is essential for users to stay informed about this issue and apply any necessary updates or security measures as they become available.
The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. The first, CVE-2023-4346, affects the KNX Protocol Connection Authorization Option 1, which has an overly restrictive account lockout mechanism, making it a target for attackers. The second, CVE-2026-46817, involves improper privilege management in Oracle E-Business Suite. These vulnerabilities pose significant risks, particularly to federal agencies, which are required by CISA's Binding Operational Directive 26-04 to prioritize rapid remediation of high-risk vulnerabilities. While this directive specifically applies to federal agencies, CISA encourages all organizations to adopt similar practices. Organizations that identify exploited vulnerabilities not listed in the KEV Catalog can submit them for potential inclusion.
Fortinet, Ivanti, and ServiceNow have all issued important patches for various vulnerabilities in their products. A notable issue was found in the ServiceNow AI platform, where a critical security flaw could allow remote attackers to execute arbitrary code. This vulnerability poses a significant risk to users, as it could enable unauthorized access and control over affected systems. Organizations using the ServiceNow platform should act quickly to apply the available updates to protect against potential exploitation. The situation serves as a reminder for companies to regularly update their software to mitigate risks from such vulnerabilities.
Progress has confirmed that a zero-day vulnerability was behind the recent disruption of its ShareFile service. This issue specifically impacted customers using the Storage Zones Controller, who experienced access problems. To address the situation, Progress has rolled out a fix that these customers can apply to restore functionality. The existence of a zero-day exploit raises concerns about the security of the affected systems, as attackers could have potentially leveraged this vulnerability before it was patched. Users of ShareFile should prioritize applying the fix to mitigate any risks associated with this vulnerability.
SonicWall has issued a warning about active attacks targeting two zero-day vulnerabilities in its Secure Mobile Access (SMA) 1000 appliances. These vulnerabilities were identified by Adam Babis from SonicWall's Product Security Incident Response Team (PSIRT) and include a serious flaw that allows for arbitrary command execution. The company has confirmed that these vulnerabilities are being actively exploited in the wild, which poses a significant risk to organizations using these appliances. Users of the SMA 1000 series should be particularly vigilant, as the exploitation could lead to unauthorized access and control over their systems. It's crucial for affected organizations to take immediate action to protect their networks.
SonicWall has reported that two zero-day vulnerabilities affecting its Secure Mobile Access (SMA) 1000 series appliances are currently being exploited. One of these vulnerabilities, identified as CVE-2026-15409, has a critical CVSS score of 10.0 and allows remote attackers to execute arbitrary commands through a server-side request forgery (SSRF). This means that attackers can potentially gain unauthorized access to sensitive systems. The exploitation of these vulnerabilities poses a significant risk to organizations using these appliances, as it could lead to severe security breaches. SonicWall's warning emphasizes the urgency for users to address these issues to protect their networks.
SonicWall has issued a warning about two vulnerabilities in its SMA1000 series, identified as CVE-2026-15409 and CVE-2026-15410. These flaws are being actively exploited by attackers in zero-day attacks, meaning they are being targeted before a fix has been widely implemented. As such, SonicWall is urging all users of the SMA1000 series to apply the newly released security updates to protect against these threats. Failure to patch could leave systems vulnerable to unauthorized access and potential data breaches. Users should prioritize this update to maintain the security of their networks.
SAP has issued critical updates in July 2026 to fix several vulnerabilities, including a serious flaw in the SAP NetWeaver Application Server ABAP, identified as CVE-2026-44747. This vulnerability has a CVSS score of 9.9 and involves an out-of-bounds write issue that could allow an authenticated attacker to exploit memory management errors. If successfully executed, this could lead to memory corruption, potentially enabling attackers to expose or modify sensitive data. Organizations using the affected SAP NetWeaver Application Server should prioritize these updates to protect their systems from possible exploitation. Timely patching is crucial to maintaining the integrity and confidentiality of their data.
Help Net Security
SonicWall has identified two vulnerabilities in its Secure Mobile Access (SMA) 1000 Series appliances, known as CVE-2026-15409 and CVE-2026-15410, which are currently being exploited by attackers. The company is urging its customers to upgrade to a fixed firmware version immediately and to check for signs of compromise on their systems. If any indicators of compromise are found, SonicWall recommends that organizations re-image their hardware or redeploy their virtual appliances, change all user and administrator passwords, and reset any Time-based One-Time Password (TOTP) tokens. This situation raises concerns for organizations relying on these appliances for secure remote access, as attackers could exploit these vulnerabilities to gain unauthorized access to sensitive information. Swift action is essential to mitigate potential risks.
Progress Software has confirmed that a serious zero-day vulnerability led to the emergency shutdown of ShareFile Storage Zone Controllers last week. Users of ShareFile, a cloud-based file sharing and storage service, were affected as the company worked to address the flaw. Progress has since released security updates to patch this vulnerability, which could have potentially allowed unauthorized access or data breaches. This incident is significant because it underscores the risks associated with cloud storage services, highlighting the need for users to ensure their systems are updated promptly to protect sensitive data.