Articles tagged "Vulnerability"

Found 929 articles

A serious security flaw has been discovered in Cisco Unified Communications Manager (Unified CM) and its Session Management Edition (Unified CM SME). The vulnerability, identified as CVE-2026-20230, has a CVSS score of 8.6, indicating its severity. It involves improper input validation for specific HTTP requests, which could allow attackers to execute commands remotely without authentication. This means that unauthorized individuals could potentially gain root access to affected systems. Companies using these Cisco products need to act quickly to protect their networks, as the flaw is already being exploited in the wild.

Read Original

Dify has experienced a serious security vulnerability identified as CVE-2026-41947, which affects its tracing system. This flaw allows attackers to establish a persistent channel that can extract any messages and responses from applications that the attacker can access, all without needing authentication. This could potentially expose sensitive data across different tenants using Dify's services. Organizations using Dify must take this issue seriously as it poses a risk to their data security. It's crucial for affected users to assess their exposure and implement necessary security measures to mitigate this risk.

Read Original

Samsung has patched a serious vulnerability in its KNOX security software that affects millions of Galaxy devices. The flaw, identified as CVE-2026-20971, is a use-after-free vulnerability located in the kernel, specifically within the PROCA/FIVE component. This issue could allow attackers to exploit the software designed to protect devices, raising significant security concerns for users. Samsung released a fix for this flaw in January 2026, but the potential for exploitation underscores the need for users to update their devices promptly. The vulnerability puts millions of Galaxy users at risk, highlighting the importance of maintaining security updates for mobile devices.

Read Original
Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks

BleepingComputer

Actively Exploited

A serious vulnerability, identified as CVE-2026-20230, has been discovered in Cisco's Unified Communications Manager Server. This Server-Side Request Forgery (SSRF) flaw is currently being exploited by attackers, raising concerns for organizations using this software. The vulnerability could allow malicious actors to manipulate requests sent from the server, potentially leading to unauthorized access to sensitive systems. Companies that rely on Cisco's Unified Communications infrastructure need to prioritize patching their systems to protect against these active exploits. As the situation evolves, it is crucial for affected users to stay informed and take immediate action to mitigate risks.

Read Original

Xsolis, a healthcare technology firm, reported a data breach affecting approximately 1.4 million individuals. The breach occurred due to a phishing attack, which allowed attackers to gain unauthorized access to the company's network. The compromised data includes sensitive personal information, raising serious concerns about privacy and security for those affected. This incident underscores the vulnerability of healthcare organizations to cyberattacks, especially as they increasingly rely on digital systems. Individuals whose data was exposed may face risks such as identity theft and fraud, prompting a need for vigilance and protective measures.

Read Original

A significant cyber operation called FortiBleed has been uncovered, targeting over 430,000 FortiGate firewalls worldwide. This operation, attributed to a Russian-speaking group known as an initial access broker, has been active since February 2026 and focuses on harvesting user credentials. The attackers are employing various tactics, including probing for exposed services and brute-forcing systems to gain unauthorized access. With the scale of this operation, organizations using FortiGate firewalls should be particularly vigilant about their security practices. Failure to address these vulnerabilities could lead to compromised systems and sensitive data breaches.

Read Original

Recently disclosed vulnerabilities can be exploited by attackers much faster than organizations can patch them. This has raised concerns among security teams about their ability to validate whether these vulnerabilities can be exploited, even before public exploits are available. Picus Security has suggested methods for security teams to assess the exploitability of these vulnerabilities proactively. This approach is crucial for organizations to stay ahead of potential attacks and mitigate risks effectively. As the pace of vulnerability disclosure increases, companies need to develop strategies to quickly evaluate and address these security gaps to protect their systems and data.

Read Original

A newly discovered vulnerability in FFmpeg, dubbed ‘PixelSmash’, could allow attackers to execute remote code via specially crafted video files. This flaw occurs due to a heap buffer overflow that can overwrite a function pointer, potentially giving the attacker control over the affected system. Users of FFmpeg, especially those incorporating it into other applications or services, need to be aware of this risk, as it could lead to serious security breaches. Developers and system administrators are urged to monitor their systems closely and apply any available patches to mitigate the threat. The vulnerability underscores the importance of maintaining up-to-date software in order to protect against exploitation.

Read Original

A security vulnerability known as the PixelSmash flaw has been discovered in FFmpeg's libavcodec library, which is used by various video players, media servers, and NAS appliances. This weakness allows attackers to craft malicious media files that can execute arbitrary code in any application leveraging this library. As a result, systems using FFmpeg could be compromised simply by processing these specially designed files. This is a significant concern for users and organizations relying on FFmpeg for media handling, as it opens the door for potential remote code execution attacks. Companies should prioritize reviewing their media processing systems and apply necessary updates to mitigate this risk.

Read Original
Actively Exploited

Anthropic's Fable 5 model, designed to be a safer version of its Mythos Preview, has been compromised shortly after its release. The model was built with guardrails to prevent its misuse in creating cyberattacks. However, researchers discovered that these protections could be bypassed within days of the model becoming available. This incident raises concerns about the security of AI models and the potential for misuse, particularly as they become more integrated into various applications. The ability to circumvent these safety measures could lead to harmful applications, emphasizing the need for stronger safeguards in AI technologies.

Read Original

Vishing, or voice phishing, is emerging as a significant cybersecurity threat as attackers increasingly target employees through phone calls instead of emails. This method of social engineering exploits human behavior, tricking individuals into divulging sensitive information or performing actions that compromise security. Companies must be vigilant, as these attacks can lead to data breaches or financial loss. To protect against vishing, organizations should educate employees about the risks, establish clear protocols for verifying callers, implement call monitoring systems, and encourage reporting of suspicious calls. By taking these proactive measures, companies can reduce their vulnerability to this type of fraud.

Read Original

A recently discovered vulnerability in FFmpeg, known as 'PixelSmash', poses a risk of remote code execution on Jellyfin servers and can lead to denial-of-service issues in several popular applications. These applications include Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio. This flaw could allow attackers to exploit the video decoder under specific conditions, potentially disrupting services for users. As such, it is crucial for administrators of affected systems to take action to protect their servers and applications. The disclosure of this flaw emphasizes the ongoing need for vigilance in maintaining software security, especially for widely used tools in media and content delivery.

Read Original
Texas Parks and Wildlife Data Breach Affects Over 3M License Customers

Hackread – Cybersecurity News, Data Breaches, AI and More

A significant data breach has affected approximately 3 million Texas license holders due to an attack on a third-party vendor associated with the Texas Parks and Wildlife Department. The breach has exposed sensitive information, including driver's license and passport numbers, raising concerns about identity theft and fraud. This incident underscores the risks that come with relying on third-party services, as the data of millions can be compromised through a single vulnerability. Texas authorities have not specified how the breach occurred or what immediate steps are being taken to address the situation. License holders are advised to monitor their accounts and consider identity theft protection services in light of this exposure.

Read Original

A vulnerability in certain versions of the Gravity SMTP plugin for WordPress has been exploited by attackers to extract sensitive information. This flaw allows the leakage of API keys, tokens, server details, and other confidential data. Websites using outdated or unpatched versions of the plugin are particularly at risk. This incident is concerning because it can lead to unauthorized access and further exploitation of affected sites. Users and website administrators are urged to update their plugins to protect against these data leaks and ensure the security of their WordPress installations.

Read Original

A new exploit called Usbliter8 has been discovered that bypasses Apple’s boot defenses, affecting millions of iPhones. This vulnerability cannot be patched, and researchers have released a proof-of-concept exploit, raising concerns about the potential for misuse. Users of affected iPhone models should be particularly vigilant, as this exploit could allow attackers to gain unauthorized access to devices. The widespread nature of this issue makes it critical for Apple to address, as it could lead to increased risks for personal data and security. As of now, there are no known patches or updates to mitigate this vulnerability, leaving many devices exposed.

Read Original
PreviousPage 11 of 62Next