Aqua's Trivy vulnerability scanner has fallen victim to a supply chain attack. Hackers managed to publish a malicious version of the scanner, manipulating tags to redirect users to malware designed to steal information. This incident poses significant risks as Trivy is widely used in the open-source community for identifying vulnerabilities in container images and other software components. Users who unknowingly downloaded the compromised version may have exposed sensitive data to attackers. It’s crucial for organizations using Trivy to ensure they are running the legitimate version and to monitor their systems for any signs of compromise.
Articles tagged "Vulnerability"
Found 953 articles
Help Net Security
Oracle has issued an emergency patch for a serious vulnerability, identified as CVE-2026-21992, affecting Oracle Identity Manager and Oracle Web Services Manager. This flaw allows attackers to exploit a missing authentication feature, potentially leading to remote code execution without prior authentication. While Oracle hasn't confirmed if this vulnerability has been actively exploited in the wild, they are urging all customers to apply the updates or implement alternative mitigations immediately. The lack of authentication for such a critical function poses significant risks for organizations using these services, emphasizing the need for prompt action to safeguard their systems.
The Hacker News
Researchers have identified a serious security vulnerability, CVE-2025-32975, affecting the Quest KACE Systems Management Appliance (SMA). This flaw has a maximum severity rating of 10.0 and is being actively exploited by attackers who are targeting unpatched systems exposed to the internet. Malicious activity linked to this vulnerability was first observed during the week of March 9, 2026, according to Arctic Wolf. Organizations using KACE SMA need to take immediate action to protect their systems, as this could lead to unauthorized access and potential data breaches. It’s crucial for users to ensure their systems are updated to mitigate this risk.
Oracle has issued an emergency patch for a serious vulnerability in its Identity Manager software, identified as CVE-2026-21992. This flaw allows attackers to execute remote code without needing any authentication, raising concerns that it may already be exploited in the wild. This vulnerability poses a significant risk, especially for organizations using Oracle Identity Manager, as it could allow unauthorized access to sensitive systems and data. Users and companies relying on this software are urged to apply the patch promptly to safeguard against potential exploitation. The situation emphasizes the ongoing need for vigilance in software security and timely updates.
Help Net Security
Last week, security researchers discovered that ScreenConnect servers were vulnerable to attacks due to misconfigurations, potentially allowing unauthorized access to sensitive data. Additionally, a flaw in Microsoft SharePoint was exploited, putting numerous organizations at risk. This vulnerability could allow attackers to execute malicious code or gain access to restricted information. Both incidents emphasize the need for companies to regularly review their security settings and update their systems to protect against these types of vulnerabilities. With many businesses relying on these platforms, the implications of these security issues could be significant, affecting operational integrity and data confidentiality.
The Trivy vulnerability scanner was recently compromised in a supply-chain attack orchestrated by a group known as TeamPCP. This attack involved the distribution of credential-stealing malware through official releases and GitHub Actions, which are automated workflows for software development. As a result, users who downloaded the compromised versions of Trivy may have inadvertently installed malware that could steal sensitive information. This incident raises significant concerns about the security of software supply chains and the potential for attackers to exploit trusted platforms to distribute malicious code. Organizations that rely on Trivy for vulnerability scanning need to be aware of this breach and take appropriate measures to safeguard their systems.
A recent vulnerability identified as CVE-2025-32975 may have been exploited in attacks targeting the education sector. This flaw affects Critical Quest's KACE systems, which are commonly used for IT management and endpoint security. The potential exploitation raises concerns about the security of sensitive data within educational institutions. As attackers increasingly focus on this sector, it is crucial for organizations to assess their systems and ensure they are protected against such vulnerabilities. Institutions that use KACE products should be particularly vigilant and consider implementing protective measures immediately.
A newly discovered vulnerability, identified as CVE-2026-33017, poses a serious risk by allowing unauthenticated attackers to run arbitrary Python code on vulnerable servers. This flaw was reportedly exploited within 20 hours of its disclosure, raising concerns among cybersecurity experts. Organizations that use systems affected by this vulnerability need to act swiftly to secure their environments. The ability for attackers to execute arbitrary code can lead to severe data breaches and system compromises, making it crucial for affected users to understand their risk and take appropriate measures. As of now, details on specific systems or versions impacted have not been disclosed, leaving many organizations potentially vulnerable.
Ubiquiti has released patches to address a critical vulnerability in its UniFi Network application, specifically affecting versions 10.1.85 and earlier. The vulnerability, tracked as CVE-2026-22557, poses significant risks to users who have not yet updated their software. This flaw could potentially allow attackers to exploit the system, compromising network security. Users of the affected versions are strongly advised to update to the latest version to safeguard their networks. The urgency of this patch highlights the ongoing need for regular software updates to protect against evolving threats.
Oracle has announced a critical vulnerability in its Fusion Middleware that allows attackers to execute arbitrary code without needing authentication. This flaw affects Oracle's Identity and Web Services Managers, particularly if they are exposed to the internet. The lack of authentication means that anyone can potentially exploit this vulnerability, making it especially dangerous for organizations that have these services publicly accessible. Companies using these products should take immediate action to secure their systems to prevent unauthorized access and potential data breaches. It's crucial for users to apply the necessary patches as soon as possible to mitigate the risks associated with this flaw.
Oracle has issued an emergency security update to address a serious vulnerability in its Identity Manager and Web Services Manager products, identified as CVE-2026-21992. This flaw allows attackers to execute remote code without needing any authentication, which poses a significant risk to organizations using these systems. The vulnerability could potentially be exploited to gain unauthorized access and control over sensitive information. Users of Oracle's Identity Manager and Web Services Manager should prioritize applying the update to protect their systems from potential attacks. This incident underscores the ongoing need for vigilance in software security, particularly with products that manage identity and access controls.
The Hacker News
Trivy, an open-source vulnerability scanner developed by Aqua Security, has been compromised for the second time in a month. This breach specifically targeted the GitHub Actions workflows 'aquasecurity/trivy-action' and 'aquasecurity/setup-trivy', which are commonly used for scanning Docker container images for vulnerabilities. Attackers hijacked 75 tags to deliver malware that aims to steal sensitive continuous integration and continuous delivery (CI/CD) secrets. This incident is particularly concerning as it exposes users relying on these tools to potential data breaches and security risks. Organizations using these GitHub Actions should take immediate action to secure their environments and monitor for any unauthorized access or data leaks.
Ubiquiti has disclosed a serious vulnerability in its UniFi Networking Application, which is used by customers to manage their networking devices. This flaw poses a risk of account takeover, potentially allowing attackers to gain unauthorized access to user accounts. As of now, the vulnerability hasn't been exploited publicly, which gives users a window to secure their systems. The issue affects a wide range of users who rely on the UniFi Networking Application for their networking needs. Given the severity of the flaw, it’s crucial for users to stay informed and take necessary precautions to protect their accounts.
The Hacker News
A severe security vulnerability in Langflow, identified as CVE-2026-33017, has been actively exploited just 20 hours after being disclosed. This flaw, which has a CVSS score of 9.3, is due to missing authentication combined with a code injection issue that could allow attackers to execute arbitrary code remotely. Organizations using Langflow are at risk, as the fast exploitation of such vulnerabilities underscores the need for immediate action. Users and administrators should prioritize addressing this flaw to protect their systems from potential attacks. The rapid responses from malicious actors highlight the urgency for security teams to stay vigilant and proactive against new threats.
SecurityWeek
Navia experienced a significant data breach between late December 2025 and mid-January 2026, affecting approximately 2.7 million individuals. Hackers accessed sensitive personal and health plan information, raising serious concerns for those impacted. The breach not only compromises individual privacy but also poses risks of identity theft and fraud. As healthcare data is particularly valuable on the dark web, this incident highlights the ongoing vulnerability of health-related organizations to cyberattacks. Affected individuals may need to monitor their accounts and take steps to protect their personal information.