Hackers began exploiting a newly discovered vulnerability in PraisonAI within hours of its public disclosure. This flaw allows attackers to bypass authentication measures, potentially granting unauthorized access to sensitive data. The rapid response from malicious actors indicates a high level of interest in exploiting this weakness, which could affect numerous users and organizations relying on PraisonAI's services. Companies using this technology should take immediate steps to secure their systems to prevent unauthorized access and data breaches. The quick exploitation attempts serve as a reminder of the urgency in addressing newly disclosed vulnerabilities.
Articles tagged "Vulnerability"
Found 943 articles
A new variant of a local privilege escalation vulnerability in the Linux kernel, named Fragnesia, has been identified. This vulnerability, tracked as CVE-2026-46300 with a CVSS score of 7.8, allows local attackers to gain root access through page cache corruption. This marks the third such vulnerability discovered in the Linux kernel within just two weeks, raising concerns for users and administrators. The flaw is rooted in the kernel's XFRM component, which is responsible for managing IPsec protocols. This means that systems using affected kernel versions could be at risk if not addressed promptly, as attackers could exploit this vulnerability to gain elevated privileges and potentially take control of vulnerable systems.
Foxconn has confirmed that it experienced a cyberattack affecting several of its North American factories. The Nitrogen ransomware group claims responsibility, stating they stole a significant 8TB of data from the company. This incident highlights the increasing vulnerability of major manufacturers to cyber threats. Foxconn's acknowledgment of the attack suggests potential disruptions in their operations and raises concerns about the sensitive information that may have been compromised. As a major player in the electronics manufacturing sector, the implications of this breach could extend beyond Foxconn, potentially impacting its clients and partners as well.
Researchers have identified multiple vulnerabilities in NGINX Plus and NGINX Open, including a severe flaw that has existed for 18 years. The most critical issue, a heap buffer overflow in the ngx_http_rewrite_module (CVE-2026-42945), could allow attackers to execute arbitrary code remotely without authentication. This vulnerability has a high severity score of 9.2 on the CVSS v4 scale. Organizations using these web servers are at risk, as the flaw could lead to significant security breaches. It is crucial for affected users to address this vulnerability promptly to safeguard their systems.
A serious vulnerability has been found in certain configurations of the Exim mail transfer agent, which could allow remote attackers to execute arbitrary code without authentication. This flaw poses a significant risk to systems running Exim, as it could lead to unauthorized access and control over affected servers. Organizations using Exim should take immediate action to assess their configurations, as attackers could exploit this vulnerability if not addressed promptly. The issue emphasizes the need for regular updates and security checks in mail server configurations to protect against potential breaches. Users and administrators are advised to stay vigilant and ensure they are running the latest versions of the software.
Security Affairs
A serious vulnerability, identified as CVE-2025-32975, has been discovered in Quest KACE SMA, an endpoint management tool used by organizations to oversee their IT assets. This flaw poses a significant risk as it could allow attackers to compromise all managed systems within affected organizations. Researchers have determined that around 60 organizations may be vulnerable due to this unpatched issue. The potential for widespread impact makes it crucial for companies using this software to take immediate action to secure their systems. Ignoring this vulnerability could lead to severe operational disruptions and data breaches.
SCM feed for Latest
Škoda Auto has reported a data breach following a hack of its e-commerce portal. Attackers took advantage of a vulnerability in the software, allowing them unauthorized access to the system. Although specific details about the data compromised have not been disclosed, this incident raises concerns for customers who may have used the online shop. The breach serves as a reminder of the importance of securing online platforms, particularly those that handle sensitive customer information. Škoda Auto's response to this incident will be crucial in restoring customer trust and preventing future attacks.
Foxconn, known as the largest electronics manufacturer globally, has confirmed that it was hit by a cyberattack attributed to the Nitrogen ransomware gang. The attack has affected some of its North American factories, prompting disruptions in operations. While Foxconn is working to restore normalcy, the incident raises concerns about the vulnerability of major manufacturing firms to cyber threats. Ransomware attacks like this often target essential infrastructure, which can lead to significant financial and operational repercussions. As the situation develops, stakeholders in the electronics supply chain will need to assess their security measures to prevent similar incidents.
Researchers have discovered that a tokenizer library file used in Hugging Face AI models can be manipulated, allowing attackers to hijack the model's outputs and exfiltrate sensitive data. This vulnerability affects the integrity of AI models hosted on the Hugging Face platform, which are widely utilized in various applications, including natural language processing tasks. If exploited, this could lead to unauthorized access to data processed by these models, posing risks to both developers and end-users. It is crucial for organizations using these models to be aware of this issue and take steps to secure their implementations. The manipulation of a single file demonstrates how even small changes can have significant security implications.
Sasha Levin, a co-maintainer of the Linux kernel, has introduced a proposal for a runtime killswitch designed to disable vulnerable kernel functions temporarily. This mechanism would be accessible through securityfs, allowing system administrators to quickly mitigate risks associated with known vulnerabilities. The proposal aims to provide a practical solution for managing vulnerabilities in the Linux kernel, which is critical given the widespread use of Linux in servers and devices. By enabling a quick response to potential exploits, this initiative could help enhance the security posture of systems utilizing the Linux kernel. The implementation of such a killswitch is especially relevant as cyber threats continue to evolve, targeting vulnerabilities in operating systems.
SCM feed for Latest
A newly discovered vulnerability, identified as CVE-2026-41940, is affecting cPanel and WebHost Manager, allowing attackers to exploit it shortly after it was made public. The threat actor known as Mr_Rot13 has been observed using this flaw to deploy a backdoor known as Filemanager, which can grant unauthorized access to compromised systems. This situation poses serious risks to web hosting providers and their customers, as it could lead to data breaches and unauthorized control over hosted websites. Companies using affected versions of cPanel and WebHost Manager need to take immediate action to secure their systems and protect sensitive data from being exploited. The urgency of addressing this vulnerability cannot be overstated, given the potential for widespread impact on affected users.
Schneier on Security
A newly disclosed Linux vulnerability, dubbed 'copy.fail', poses a serious risk across multiple distributions, including Ubuntu, RHEL, Debian, SUSE, Amazon Linux, and Fedora. Revealed by Theori on April 29, 2026, this local privilege escalation flaw allows attackers to manipulate the Linux kernel's crypto API to write unauthorized data into the page cache of files they do not own. Importantly, the exploit does not modify files on disk, making it difficult for traditional monitoring tools like AIDE and Tripwire to detect. This vulnerability is concerning because it affects a wide range of systems without requiring any specific modifications for different distributions. Organizations using these Linux variants should prioritize assessing their security posture and applying necessary mitigations to protect against potential exploitation.
BleepingComputer
A security researcher has introduced a tool called GhostLock that exploits a legitimate Windows file API to prevent access to files on local systems and SMB network shares. This proof-of-concept tool demonstrates how attackers could potentially block users from accessing important files, which could lead to significant disruptions in both personal and organizational environments. The ability to manipulate file access raises concerns for businesses relying on shared network drives and highlights the need for improved security measures to protect against such attacks. As this tool becomes known, companies and users alike may need to reassess their file access protocols and security practices to mitigate risks. The implications of this vulnerability could affect a wide range of Windows systems and applications that utilize the Windows file API.
The Hacker News
A serious security vulnerability in cPanel, identified as CVE-2026-41940, is currently being exploited by a threat actor known as Mr_Rot13. This flaw allows attackers to bypass authentication and gain elevated control over cPanel and WebHost Manager (WHM) environments. The exploitation of this vulnerability has led to the deployment of a backdoor named Filemanager on compromised systems. This incident is particularly concerning because it puts web hosting environments at risk, potentially allowing unauthorized access to sensitive data and control over web applications. Users and administrators of affected cPanel and WHM versions need to be vigilant and take immediate action to secure their systems.
Instructure, the company behind the Canvas learning management system, has acknowledged that a security flaw was exploited by hackers to alter Canvas login portals. This breach allowed the attackers to leave an extortion message, raising serious concerns about the security of educational platforms used by schools and students. The incident underscores the vulnerability of widely used technologies in the education sector, as they can be targeted for malicious purposes. Users of Canvas, including students and educators, may face disruptions or potential data risks due to this security lapse. It's crucial for institutions to evaluate their security measures and ensure that similar vulnerabilities are patched to prevent future incidents.