Articles tagged "Vulnerability"

Found 940 articles

Cisco has released a patch for a newly discovered zero-day vulnerability, identified as CVE-2026-20182, which has been actively exploited in targeted attacks. This vulnerability affects Cisco’s SD-WAN products and has been linked to a sophisticated threat actor known as UAT-8616. The exploitation of this flaw marks the sixth zero-day incident involving Cisco in 2026, raising concerns about the security of their products. Companies using Cisco SD-WAN solutions should prioritize applying the latest patches to protect against potential breaches. The ongoing exploitation of this vulnerability highlights the need for vigilance in cybersecurity practices.

Read Original
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

The Hacker News

Actively Exploited

Microsoft has announced a serious security vulnerability affecting on-premise versions of Exchange Server, identified as CVE-2026-42897. This issue, which has a CVSS score of 8.1, is classified as a spoofing vulnerability that arises from a cross-site scripting flaw. The vulnerability has been confirmed to be actively exploited by attackers, which raises significant concerns for organizations still using on-premise Exchange Servers. An anonymous researcher discovered and reported the issue, signaling the need for prompt attention from IT security teams. Organizations must take immediate action to protect their systems and data from potential exploitation.

Read Original

On the first day of Pwn2Own Berlin 2026, researchers showcased their skills by identifying 24 zero-day vulnerabilities across various technologies, earning a total of $523,000 in rewards. The entries targeted popular software, including web browsers, operating systems, AI platforms, and NVIDIA infrastructure. This event is significant as it emphasizes the ongoing security challenges faced by widely used technologies, particularly in the realm of AI. The discoveries made during this competition not only highlight the vulnerabilities that could be exploited by attackers but also serve as a wake-up call for developers and organizations to enhance their security measures. As these zero-days are revealed, it’s crucial for affected vendors to respond swiftly to mitigate potential risks to users.

Read Original

A recent cybersecurity article warns about a significant vulnerability that cannot simply be fixed by applying patches. The issue affects multiple software systems and could leave users exposed if not addressed comprehensively. Researchers emphasize that traditional patch management strategies may not suffice, as attackers could exploit underlying flaws. This situation puts organizations at risk of data breaches and financial losses. The need for a more thorough approach to security is critical for companies relying on these systems.

Read Original
Actively Exploited

A serious vulnerability in Cisco's SD-WAN network control system has been actively exploited, marking the second time this year that attackers have taken advantage of a CVSS 10.0 flaw. This critical bug poses a significant risk as it allows unauthorized access to the network, potentially compromising sensitive data and systems. Organizations using Cisco SD-WAN solutions should be particularly vigilant, as the severity of this vulnerability makes it a prime target for malicious actors. It's crucial for affected users to stay informed about the latest security updates and apply any available patches to mitigate risks associated with this vulnerability.

Read Original

Researchers have identified a new vulnerability in the Linux kernel, named Fragnesia and tracked as CVE-2026-46300, which could allow local attackers to gain root access through page cache corruption. This flaw affects the XFRM ESP-in-TCP subsystem and has a CVSS score of 7.8, indicating a significant risk. If exploited, it could enable attackers to take complete control of the affected systems. It's crucial for users of affected Linux systems to be aware of this vulnerability and take necessary precautions. The disclosure of this flaw highlights ongoing security challenges within the Linux ecosystem.

Read Original

Researchers have discovered an 18-year-old vulnerability in the NGINX open-source web server that could allow attackers to launch denial of service (DoS) attacks and, under certain conditions, execute remote code. The flaw was identified using an automated scanning system, raising concerns for users of NGINX, which is widely used for serving web content. Organizations that rely on NGINX should be particularly vigilant, as this vulnerability poses a risk to the stability and security of their web services. Immediate attention to this issue is crucial to prevent exploitation, especially since the vulnerability has been around for nearly two decades. The long lifespan of such a flaw emphasizes the need for regular security audits and updates in software systems.

Read Original

A serious vulnerability has been identified in Exim, an open-source mail transfer agent, which allows attackers to execute remote code. This flaw, categorized as a user-after-free issue, arises during the TLS shutdown process while processing chunked SMTP traffic. If exploited, it could enable unauthorized access to systems running affected versions of Exim, potentially leading to severe security breaches. Users and organizations relying on Exim for email services should be particularly vigilant. The urgency to patch this vulnerability is critical to prevent potential exploitation by malicious actors.

Read Original

Researchers have discovered a new local privilege escalation vulnerability in the Linux kernel, identified as CVE-2026-46300, and nicknamed 'Fragnesia.' This vulnerability is related to the earlier Dirty Frag bugs and affects the xfrm-ESP Linux module. The flaw was unintentionally introduced when a patch was applied to fix one of the original Dirty Frag vulnerabilities, specifically CVE-2026-43284. This means that systems using the affected module could be at risk, potentially allowing attackers to gain elevated privileges. It is crucial for users and administrators of Linux systems to stay informed about this issue and apply necessary updates as they become available.

Read Original

A new vulnerability known as the Fragnesia flaw has been discovered in the Linux kernel, allowing unprivileged local users to escalate their privileges to root access. This flaw poses a significant risk as it enables attackers with local access to gain complete control over affected systems. Researchers have indicated that various Linux distributions could be impacted, making it crucial for system administrators to assess their environments. The potential for exploitation is concerning, especially in multi-user setups where unauthorized users could exploit this flaw to compromise system integrity. Users and administrators should prioritize patching their systems to mitigate the risk associated with this vulnerability.

Read Original

A new vulnerability named Fragnesia has been discovered in the Linux kernel, marking the third major flaw identified within two weeks. Researchers indicate that artificial intelligence tools are accelerating the process of uncovering these security issues, often faster than developers can implement fixes. This vulnerability could potentially affect a wide range of Linux-based systems, posing risks to users and organizations relying on this operating system. The ongoing discovery of these flaws raises concerns about the security of Linux environments, especially as they are commonly used in servers and critical infrastructure. As the situation develops, it is essential for users to stay informed and apply necessary updates to protect their systems.

Read Original
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

The Hacker News

Actively Exploited

A newly disclosed vulnerability in the PraisonAI framework, identified as CVE-2026-44338, has drawn the attention of cybercriminals within just four hours of its announcement. This vulnerability has a CVSS score of 7.3 and involves a missing authentication issue, which means that sensitive endpoints could be accessed by unauthorized users. If exploited, attackers could invoke potentially harmful actions, leading to significant security risks for any systems running this open-source orchestration tool. Organizations utilizing PraisonAI are urged to assess their systems and implement necessary security measures to protect against possible exploitation. This incident serves as a reminder of the rapid response from threat actors to newly revealed vulnerabilities.

Read Original

Hackers began exploiting a newly discovered vulnerability in PraisonAI within hours of its public disclosure. This flaw allows attackers to bypass authentication measures, potentially granting unauthorized access to sensitive data. The rapid response from malicious actors indicates a high level of interest in exploiting this weakness, which could affect numerous users and organizations relying on PraisonAI's services. Companies using this technology should take immediate steps to secure their systems to prevent unauthorized access and data breaches. The quick exploitation attempts serve as a reminder of the urgency in addressing newly disclosed vulnerabilities.

Read Original

A new variant of a local privilege escalation vulnerability in the Linux kernel, named Fragnesia, has been identified. This vulnerability, tracked as CVE-2026-46300 with a CVSS score of 7.8, allows local attackers to gain root access through page cache corruption. This marks the third such vulnerability discovered in the Linux kernel within just two weeks, raising concerns for users and administrators. The flaw is rooted in the kernel's XFRM component, which is responsible for managing IPsec protocols. This means that systems using affected kernel versions could be at risk if not addressed promptly, as attackers could exploit this vulnerability to gain elevated privileges and potentially take control of vulnerable systems.

Read Original
Actively Exploited

Foxconn has confirmed that it experienced a cyberattack affecting several of its North American factories. The Nitrogen ransomware group claims responsibility, stating they stole a significant 8TB of data from the company. This incident highlights the increasing vulnerability of major manufacturers to cyber threats. Foxconn's acknowledgment of the attack suggests potential disruptions in their operations and raises concerns about the sensitive information that may have been compromised. As a major player in the electronics manufacturing sector, the implications of this breach could extend beyond Foxconn, potentially impacting its clients and partners as well.

Read Original
PreviousPage 20 of 63Next