Articles tagged "Vulnerability"

Found 937 articles

Pwn2Own Berlin 2026 Closes With $1.3 Million in Zero-Day Payouts

Hackread – Cybersecurity News, Data Breaches, AI and More

At Pwn2Own Berlin 2026, cybersecurity researchers showcased 47 different zero-day exploits, targeting well-known enterprise software and artificial intelligence platforms. This event, which is part of an ongoing competition to identify security vulnerabilities, underscores the persistent risks facing organizations that rely on these technologies. Major software vendors are particularly affected, as these exploits could potentially allow attackers to gain unauthorized access or control over systems. The findings stress the need for companies to prioritize security updates and vulnerability management to protect sensitive data and maintain system integrity. The significant payout of $1.3 million for these discoveries further emphasizes the financial incentive for researchers to identify and report such vulnerabilities.

Read Original

Drupal has announced that it will release a core security update on May 20, 2026, between 5-9 p.m. UTC. This update will affect all supported versions of the Drupal content management system. The Drupal Security Team is advising users to prepare for the update, as vulnerabilities could be exploited shortly after the release. It’s crucial for site administrators to allocate time for these updates to protect their websites from potential attacks. Ignoring these updates could leave sites vulnerable to exploits within days of the release.

Read Original

Researchers recently released a proof of concept (PoC) for a vulnerability in the Linux kernel known as DirtyDecrypt, which was patched back in April. This vulnerability allows local attackers to gain elevated privileges, potentially giving them root access to affected systems. While the vulnerability was addressed in a previous update, the release of the PoC means that those who haven't applied the patch could be at risk. It is crucial for users and administrators of Linux systems to ensure they are running the latest updates to mitigate this risk. The implications of this vulnerability are significant, especially for environments where security is paramount, such as servers and critical infrastructure.

Read Original

A newly discovered vulnerability, identified as CVE-2026-8153, poses a significant risk to Universal Robots' PolyScope 5 software used in industrial robot fleets. This flaw allows attackers to exploit the system through OS command injection, potentially compromising the operation of robotic systems. Organizations using these robots could face unauthorized access and manipulation of their automated processes, leading to operational disruptions or safety hazards. The issue highlights the need for companies to assess their systems and take proactive measures to safeguard their robotic operations. Immediate attention to this vulnerability is crucial for maintaining security in environments that rely on industrial automation.

Read Original

A newly discovered zero-day vulnerability in Microsoft Exchange, tracked as CVE-2026-42897, poses a significant risk as it allows attackers to exploit cross-site scripting (XSS) to compromise Outlook Web Access (OWA) mailboxes. This vulnerability is reportedly under active attack, meaning that malicious actors are currently trying to exploit it in the wild. Organizations using Microsoft Exchange should be particularly vigilant, as the absence of an available patch leaves their systems exposed. Without immediate remediation, users could face unauthorized access to sensitive email communications. Companies are advised to implement security measures, such as input validation and monitoring for suspicious activity, until an official patch is released.

Read Original

Recent vulnerabilities in the OpenClaw framework, which is gaining popularity for AI agent deployments, have been patched after being discovered. These flaws could allow attackers to steal user credentials, escalate their access privileges, and maintain control over affected systems. Organizations using OpenClaw should be particularly vigilant, as these vulnerabilities pose serious risks if exploited. The issue underscores the importance of keeping software up to date to prevent unauthorized access and data breaches. Users are encouraged to apply the latest security patches to safeguard their deployments.

Read Original
Actively Exploited

A serious vulnerability has been discovered in F5 NGINX, a widely used web server technology that powers about one-third of all websites globally. This vulnerability is currently being exploited by attackers, raising alarms among cybersecurity experts. The issue poses a significant risk to countless websites and web applications that rely on NGINX for handling web traffic. Organizations using NGINX should take immediate action to assess their systems and implement necessary security measures to protect against potential attacks. The urgency of this situation is underscored by the fact that the vulnerability is actively being targeted in the wild, making prompt remediation essential to prevent data breaches and other malicious activities.

Read Original

Security experts at Cyera have discovered four vulnerabilities in the OpenClaw AI agent, collectively termed Claw Chain. These issues affect all versions of OpenClaw released before April 23, 2026, putting thousands of servers at risk. The vulnerabilities could potentially allow attackers to exploit systems running outdated versions of the software, which is significant given the widespread use of OpenClaw in various applications. Organizations using OpenClaw should prioritize updating their systems to the latest version to prevent any potential exploitation. This situation serves as a reminder of the importance of keeping software up to date to protect against emerging threats.

Read Original

A serious vulnerability in NGINX, identified as CVE-2026-42945 and nicknamed NGINX Rift, is currently being exploited by attackers. Disclosed last week, this flaw allows attackers to send specially crafted HTTP requests to vulnerable NGINX servers, potentially leading to denial-of-service conditions and even unauthenticated remote code execution. NGINX is the most widely used web server, meaning a large number of websites and applications could be at risk. Security researcher Patrick Garrity highlighted the urgency of addressing this vulnerability as it poses significant risks to web services that rely on NGINX. It's crucial for administrators to take immediate action to protect their systems from these exploits.

Read Original

A researcher has released an exploit called MiniPlasma that targets a Windows vulnerability from 2020, identified as CVE-2020-17087, which remains unpatched. This exploit uses the original proof-of-concept code, and it has raised concerns among security experts about its potential use in real-world attacks. The vulnerability affects various versions of Windows, making a significant number of users and organizations vulnerable if they have not applied necessary updates. The release of this exploit could lead to increased risks for those systems still running the affected versions, as attackers may use it for unauthorized access or other malicious activities. Companies and users are urged to check their systems and apply any available patches to protect against potential exploitation.

Read Original

The Canvas learning platform experienced a significant cyberattack that disrupted services across North America. This breach has raised alarms about the vulnerability of Software as a Service (SaaS) applications and has exposed how many organizations are unprepared for such incidents. The attack serves as a reminder that merely having preventive measures in place is no longer sufficient to protect against evolving cyber threats. As schools and educational institutions rely heavily on digital platforms for learning, the impact of this breach is particularly concerning, affecting students and educators alike. It calls for a reevaluation of security strategies to better defend against future attacks.

Read Original

A security researcher known as Chaotic Eclipse has disclosed a serious zero-day vulnerability in Windows called MiniPlasma, which allows attackers to gain SYSTEM privileges on fully updated Windows 11 systems. This flaw, affecting the 'cldflt.sys' file, was believed to have been patched back in 2020 under the CVE-2020-17103 designation, but it appears that the fix was either incomplete or not properly implemented. The existence of a proof-of-concept exploit for this vulnerability raises significant concerns for users and organizations, as it could allow malicious actors to escalate their privileges and potentially take control of affected systems. This issue affects all patched versions of Windows 11, meaning a wide range of users are at risk. Companies should prioritize reviewing their security protocols and consider additional monitoring to mitigate potential exploitation.

Read Original

A recently discovered vulnerability in the Linux kernel's rxgk module allows attackers to escalate their privileges and gain root access on certain systems. This flaw has been patched, but a proof-of-concept exploit is now available, which can be used by malicious actors to take control of affected machines. Users of Linux systems, particularly those running versions that include the vulnerable module, are at risk. It's crucial for system administrators to apply the latest patches to protect against potential exploitation. The existence of an exploit in the wild raises significant concerns about the security of Linux environments, especially in sensitive applications.

Read Original
Actively Exploited

A recent report by Synack indicates that organizations are facing increased risks from cybersecurity vulnerabilities, with the time between discovering a vulnerability and its exploitation now reduced to just hours. This rapid exploitation is partly due to the rise of autonomous AI systems, which can create new attack surfaces that are difficult for human experts to monitor and understand. While automated scanning tools can identify known security signatures, they often fail to catch more complex issues like logic flaws and misconfigurations. As a result, companies may find themselves exposed to attacks much faster than before, emphasizing the need for improved security measures and human oversight in cybersecurity practices.

Read Original

A cybersecurity researcher has disclosed a serious vulnerability in Windows, known as 'MiniPlasma', which allows attackers to escalate their privileges to SYSTEM level on fully patched systems. This zero-day exploit poses a significant risk because it can enable unauthorized access to sensitive data and system controls. Users of Windows systems, particularly those in corporate environments, should be on high alert as this exploit can potentially be used in cyberattacks. The researcher has also released a proof-of-concept (PoC) for the exploit, which can facilitate its misuse by malicious actors. This situation underscores the need for immediate attention to system security measures and vigilance against potential exploitation.

Read Original
PreviousPage 18 of 63Next