VulnHub

OpenSSL has patched 12 vulnerabilities, including a critical remote code execution (RCE) flaw that poses a significant risk to users. These vulnerabilities mainly arise from issues related to memory safety, parsing robustness, and resource handling. Affected products include various versions of OpenSSL, which is widely used across different platforms and applications. This is particularly concerning for organizations that rely on OpenSSL for secure communications, as attackers could exploit these flaws to gain unauthorized access or control over systems. Users and administrators are urged to apply the latest patches to mitigate these risks and protect their systems from potential exploitation.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance focusing on insider threats, which pose a serious risk to organizations, particularly within critical infrastructure sectors. CISA emphasizes the need for organizations to form multi-disciplinary teams to effectively manage these threats. This guidance comes amid growing concerns about the potential misuse of artificial intelligence by insiders. By providing an infographic, CISA aims to help organizations understand how to better identify and mitigate these risks, ensuring a more secure operational environment. This is crucial as insider threats can lead to significant data breaches and operational disruption, affecting not only the organizations themselves but also the broader public they serve.

The Biden administration has decided to repeal two memorandums that set software security requirements for federal agencies. This move has been described as a way to reduce what the White House calls 'burdensome' regulations. While the memorandums are no longer in effect, some of the resources they provided can still be accessed by government organizations. The decision raises concerns about the overall security of software used by federal agencies, as these rules were designed to enhance security practices in software development and procurement. The implications of this change could affect how government entities approach software security moving forward, potentially leading to vulnerabilities in critical systems.

SmarterTools has released patches for two vulnerabilities in its SmarterMail email software, one of which is classified as critical. This flaw, identified as CVE-2026-24423, has a CVSS score of 9.3 and could allow attackers to execute arbitrary code on systems running affected versions of SmarterMail. Users of SmarterMail versions prior to build 9511 are particularly at risk. It's crucial for organizations using this software to update immediately to protect against potential exploitation. The existence of such a high-severity vulnerability underscores the importance of regular software updates and vigilance in cybersecurity practices.

Recent vulnerabilities have been discovered in n8n, a widely used AI automation platform. These flaws could allow attackers to take control of servers and steal sensitive user credentials. This poses a significant risk to businesses that rely on n8n for automating workflows and managing data. If exploited, these vulnerabilities could lead to unauthorized access and data breaches, potentially impacting customer trust and company reputation. Users of n8n should take immediate action to secure their systems and monitor for any suspicious activity.

Zscaler's recent testing has revealed alarming vulnerabilities in enterprise AI systems, finding that 90% of these systems have critical weaknesses that can be exploited in less than 90 minutes. The research indicates that the median time to experience a critical failure is just 16 minutes. This poses a significant risk for businesses relying on AI technology, as attackers could potentially compromise their systems before adequate defenses are put in place. With the growing adoption of AI in various sectors, companies need to be aware of these vulnerabilities and take immediate action to secure their systems. The findings serve as a wake-up call for organizations to assess their AI infrastructure and implement stronger security measures.

SolarWinds has addressed four critical vulnerabilities found in their Web Help Desk software that could allow attackers to execute code remotely or bypass authentication. These flaws can be exploited without requiring any user credentials, posing a serious risk to organizations using the software. Companies that rely on Web Help Desk should prioritize applying the latest patches to protect their systems from potential attacks. The vulnerabilities were disclosed recently, making immediate action essential to prevent exploitation. Users and administrators are urged to check for updates and ensure their installations are secure.

SEC Consult has identified several security vulnerabilities in Dormakaba's exos 9300 access systems, including hardcoded credentials, weak passwords, and command injection flaws. These vulnerabilities could allow attackers to remotely unlock doors, posing a significant risk to physical security in facilities that rely on these systems. Dormakaba, a leading provider of access control solutions, serves a wide range of industries, meaning many organizations could be affected. Users of the exos 9300 need to be aware of these vulnerabilities and take immediate action to secure their systems to prevent unauthorized access. The findings emphasize the need for strong security practices in access control systems, especially in critical infrastructure.

Researchers have identified two serious vulnerabilities in n8n, an open-source workflow automation tool, that could allow attackers to execute code remotely. These flaws are related to how n8n handles its sandboxing, which is supposed to isolate code execution for security. If exploited, these vulnerabilities could let malicious actors run arbitrary code on affected systems, potentially compromising sensitive data and system integrity. Users of n8n should take this issue seriously, as it poses significant risks to any workflows that utilize the platform. It's crucial for organizations to stay updated on these types of vulnerabilities to safeguard their operations.