Articles tagged "Vulnerability"

Found 929 articles

Ransomware attacks targeting European organizations have surged in early 2026, with third-party suppliers identified as a key vulnerability. A report by Black Kite analyzed over 2,000 ransomware incidents from January 2025 to April 2026 across 31 countries, revealing that attackers are increasingly exploiting supply chains to gain access to larger organizations. This trend poses significant risks to businesses dependent on these suppliers, as a breach can lead to widespread disruption and financial loss. The convergence of rising ransomware threats, supply chain weaknesses, and evolving regulations complicates the cybersecurity landscape for European companies. Organizations are urged to strengthen their defenses, particularly around third-party vendors, to mitigate these risks.

Read Original

In a recent discussion, cybersecurity expert Sandy Bird addressed the challenges of maintaining cloud visibility and the risks associated with vulnerabilities like FortiBleed. This specific flaw affects Fortinet's FortiOS and FortiProxy, which are widely used in enterprise environments. If exploited, it can allow attackers to gain unauthorized access to sensitive data. The conversation also touched on how many security incidents occur due to simple oversights, emphasizing the need for better monitoring and security practices. As more organizations move their operations to the cloud, understanding these vulnerabilities is crucial for safeguarding against potential breaches.

Read Original
Actively Exploited

A significant security vulnerability in Cisco's Catalyst SD-WAN Manager has been exploited by attackers months before its public disclosure. The flaw, which was revealed in early June, was reportedly being used in attacks as early as March. This situation raises serious concerns for organizations using Cisco's SD-WAN technology, as they may have been at risk for an extended period without knowledge of the threat. Companies are urged to review their systems and apply any available patches to mitigate potential risks. The exploitation of this vulnerability highlights the importance of timely disclosures and the need for vigilance in monitoring systems for suspicious activity.

Read Original

Recent research has explored how large language models (LLMs) are vulnerable to prompt injection attacks. The study reveals that LLMs don't just respond to role tags but also learn to recognize the style of text in different instruction blocks. This means that attackers could manipulate LLMs by using innocuous-seeming text to subtly influence their responses. The researchers argue that without a true understanding of roles, defenses against prompt injection will be an ongoing challenge. This is significant because it exposes a fundamental weakness in LLMs that could lead to misuse in various applications, affecting users and developers alike.

Read Original

A recently discovered flaw in macOS allows standard users to disable Endpoint Detection and Response (EDR) and Mobile Device Management (MDM) features, which are critical for maintaining device security and management. This vulnerability could be exploited by malicious actors to weaken security controls, making it easier for them to execute attacks or gain unauthorized access to sensitive data. All macOS versions that support EDR and MDM functionalities are affected. Organizations using these features should be particularly vigilant, as the ability for unauthorized users to disable such protections can lead to significant security risks. As of now, there is no indication that this vulnerability is being actively exploited in the wild, but the potential for misuse remains a concern for IT departments.

Read Original

A new report from Black Kite reveals a significant spike in ransomware attacks across Europe, with incidents rising by more than 50% over the past year. The analysis also highlights a troubling increase in supply chain attacks, which can compromise multiple organizations through a single vulnerability. This surge in ransomware poses a serious risk to businesses, governments, and critical infrastructure, leading to potential data loss and financial damage. Companies need to be vigilant and strengthen their cybersecurity measures to protect against these escalating threats. The findings serve as a stark reminder of the ongoing challenges in cybersecurity and the need for proactive defenses.

Read Original

Curl, the widely used open-source data transfer tool, has patched a vulnerability that has existed for 25 years. This update also addresses a total of 18 medium and low-severity vulnerabilities. The fixes are crucial for developers and organizations that rely on Curl for transferring data over various protocols, as these vulnerabilities could potentially be exploited if left unaddressed. Users of Curl should ensure they update to the latest version to protect their systems and data from possible attacks. Regular updates are essential in maintaining security, especially with tools that have been in use for such a long time.

Read Original
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited Months Before Disclosure

Security Affairs

Actively Exploited

A serious vulnerability in Cisco Catalyst SD-WAN, identified as CVE-2026-20245, has been exploited by hackers for months before it was publicly disclosed. This flaw, which has a CVSS score of 7.8, allows authenticated attackers to execute privileged commands on affected systems. Google-owned Mandiant reported that the exploitation occurred at least two months prior to the disclosure, raising concerns about the security of networks using this technology. Organizations using Cisco Catalyst SD-WAN should take immediate action to secure their systems, as this vulnerability poses a significant risk to network integrity. The incident serves as a reminder of the importance of timely disclosure and patch management in cybersecurity.

Read Original
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access

The Hacker News

Actively Exploited

A recently discovered vulnerability in Cisco Catalyst SD-WAN has been exploited by an unknown attacker for at least two months before its public disclosure. This security flaw, identified as CVE-2026-20245, has a high severity rating of 7.8 and allows an authenticated local attacker to execute arbitrary commands with elevated privileges. This means that if an attacker gains access to a system, they could potentially take control of critical functions within the network. Companies using Cisco Catalyst SD-WAN should be aware of the risk posed by this vulnerability and take immediate action to protect their systems. The findings from Mandiant underscore the importance of timely patching and monitoring for unusual activity in network environments.

Read Original

Mandiant has reported on a serious vulnerability in Cisco's Catalyst SD-WAN, identified as CVE-2026-20245, which has been exploited by hackers to gain root access to affected devices. This zero-day attack allows attackers to create unauthorized root accounts, compromising network security for organizations using this technology. The vulnerability poses a significant risk to businesses relying on Cisco's SD-WAN solutions, as it can lead to unauthorized access and potential data breaches. Companies should urgently assess their systems for this vulnerability and implement necessary security measures to protect their networks.

Read Original

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a serious vulnerability affecting Lantronix EDS5000 Series devices. This flaw, identified as CVE-2025-67038, has a high severity score of 9.8 and involves a code injection issue that could allow attackers to execute malicious code. CISA is urging Federal Civilian Executive Branch agencies to implement available fixes before the deadline of June 26, 2026. The active exploitation of this vulnerability raises concerns about potential unauthorized access and control over affected devices, which could lead to significant security breaches. Organizations using these devices should prioritize applying security updates to mitigate risks.

Read Original

Researchers from LayerX have successfully tricked AI browsers, including ChatGPT Atlas and Comet, into revealing sensitive user credentials. By exploiting weaknesses in the systems' guardrails, they demonstrated that these AI tools could be manipulated to bypass security measures designed to protect user data. This incident raises significant concerns about the reliability of AI-driven applications, especially as they become more integrated into daily online activities. Users of these AI browsers should be aware of the potential risks and take extra precautions when sharing sensitive information. The findings suggest that AI systems need stronger safeguards to prevent similar exploits in the future.

Read Original
Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about serious vulnerabilities in Ubiquiti UniFi OS and Lantronix serial-to-ethernet servers that are currently being exploited by hackers. These flaws could allow attackers to gain unauthorized access and control over affected systems. The vulnerabilities pose a significant risk to users, including businesses and organizations relying on these technologies for network management. CISA emphasizes the urgency for affected users to take immediate action to protect their networks from potential breaches. Prompt updates and patches are essential to mitigate these risks and secure vulnerable systems.

Read Original

A newly discovered vulnerability in Samsung's KNOX security platform, identified as CVE-2026-20971, arises from a race condition in the kernel's process integrity validation. This flaw could potentially allow attackers to bypass security measures, putting devices at risk. Users of Samsung devices utilizing the KNOX platform should be particularly cautious, as the vulnerability might expose sensitive data or allow unauthorized access. Samsung has addressed this issue by releasing a patch, and it is crucial for users to apply this update promptly to secure their devices. Keeping software up to date is essential to avoid exploitation of such vulnerabilities.

Read Original

A newly discovered vulnerability, CVE-2026-20230, affects Cisco's Unified Communications Manager (Unified CM) and is currently being exploited in the wild. This issue is a server-side request forgery (SSRF) flaw that allows attackers to drop webshells and execute code remotely on the affected servers. According to threat intelligence firm Defused, automated attacks have been observed using the Tor network to deploy these webshells. The exploitation process involves abusing the WebDialer SSRF to install a malicious Apache Axis service, which then facilitates the execution of further malicious payloads. Organizations using Cisco Unified CM should be aware of this security threat and take steps to mitigate potential risks.

Read Original
PreviousPage 10 of 62Next