A flaw known as XRING has been discovered in XQUIC, Alibaba's library for QUIC and HTTP/3. This vulnerability allows any remote client to crash servers using a simple sequence of legal traffic, requiring no authentication or malformed packets. The issue stems from a single incorrect variable in the code, and it takes only about 260 bytes of standard QPACK traffic to trigger the crash. As of now, there is no patch available to fix this problem. Researchers have flagged this vulnerability as a significant risk, especially for servers relying on XQUIC for HTTP/3 communication, as it could lead to downtime and service disruption.
Articles tagged "Vulnerability"
Found 928 articles
Zimbra has issued a warning to its customers regarding a serious vulnerability in the Classic Web Client of the Zimbra Collaboration suite. This flaw allows for cross-site scripting (XSS) attacks, which could enable attackers to execute malicious scripts in the context of a user's browser. As a result, users' sensitive information could be compromised. The company is urging all users to apply the necessary patches to protect their systems. This vulnerability is particularly concerning for organizations that rely on Zimbra for communication and collaboration, as it could lead to significant security breaches if left unaddressed.
Researchers have identified a new method called 'HalluSquatting' that exploits the way AI assistants can misinterpret user commands, leading to remote code execution. By taking advantage of these 'hallucinations,' attackers can potentially deliver botnets through popular AI platforms. This technique poses risks to users who rely on AI assistants for various tasks, as it could allow malicious actors to gain control of systems remotely. The implications are significant, as this method could increase the number of devices compromised, expanding the reach of botnets. As AI technology becomes more integrated into daily life, understanding and mitigating such risks will be crucial for both users and developers.
Anastasia Tikhonova from Group-IB emphasizes the importance of integrating software supply chain security into daily operations rather than treating it as a one-time compliance task. In a recent video, she advocates for the active use of Software Bill of Materials (SBOM) for various security processes, including vulnerability assessments and incident responses. Drawing insights from Group-IB’s High-Tech Crime Trend Report 2026, she warns that supply chain attacks are becoming more sophisticated, often linking phishing, ransomware, and data breaches through the trust companies place in their suppliers. This shift means organizations need to be proactive in managing their software supply chain risks to protect against these evolving threats. Acknowledging that these vulnerabilities can have widespread implications, Tikhonova encourages teams to make security a daily habit.
Recent reports indicate that Iranian cyber actors are shifting their focus from just targeting critical infrastructure to a broader range of Internet-facing vulnerabilities. This means that any company with exposed systems could be at risk of cyber attacks. Researchers emphasize that even businesses that might think they are safe, due to their obscurity or size, are not immune. The situation is a wake-up call for organizations to reassess their cybersecurity posture and ensure they are protected against potential intrusions. Companies need to prioritize identifying and patching vulnerabilities to avoid becoming targets of these increasingly sophisticated attacks.
A new ransomware strain called GodDamn has emerged, targeting systems by disabling security software using a signed driver known as PoisonX. Discovered by Symantec's Threat Hunter Team, GodDamn is considered an advanced version of the Beast ransomware family, and it first appeared on May 21, 2026. The ransomware's ability to circumvent security measures poses a significant risk to organizations, as it can lead to data breaches and financial losses. The analysis of an attack in early June indicates that the group behind it is actively exploiting this vulnerability, making it imperative for companies to assess their defenses. Users and companies need to be aware of this threat and take immediate steps to bolster their security protocols.
Recent findings have revealed that Tenda routers may contain a hidden backdoor in their firmware, potentially allowing unauthorized access to users' networks. Security researchers have urged users to take immediate action to protect themselves, as this vulnerability could expose sensitive information. Until Tenda releases a patch to address this issue, users should disable certain settings to minimize the risk of exploitation. This situation is particularly concerning given the popularity of Tenda routers among consumers, making a significant number of users vulnerable to potential attacks. It's essential for users to stay vigilant and follow recommended safety measures to secure their home networks.
A data breach at KDDI, a major Japanese telecommunications company, has compromised the personal information of approximately 12 million users. Hackers took advantage of a zero-day vulnerability found in a third-party system to gain unauthorized access to KDDI's email system used by Internet Service Providers (ISPs). This breach raises concerns about user privacy and the security of sensitive data, as affected individuals could face risks like identity theft or fraud. KDDI has not yet released detailed information on how they plan to address the breach or what specific data was stolen, but the scale of the incident underscores the need for companies to bolster their cybersecurity measures, especially when relying on third-party systems.
Help Net Security
Microsoft has rolled out a security update to address a serious vulnerability in its Malware Protection Engine, specifically CVE-2026-50656. This flaw, which affects Windows 10 and Windows 11, allows authenticated attackers to escalate their privileges to SYSTEM-level by exploiting improper link resolution before file access. The vulnerability was brought to light on June 10, and it poses a significant risk as it can be exploited with relatively low complexity. Users of affected systems should prioritize applying this update to safeguard their devices against potential attacks that could compromise system security.
Schneider Electric's PowerChute Serial Shutdown software has several vulnerabilities that could allow attackers to manipulate system files, inject malicious data, or gain unauthorized access to accounts. Versions 1.4 and earlier are affected by these security flaws, which include issues like improper path restrictions and output handling. If exploited, these vulnerabilities could disrupt services or expose sensitive information across critical sectors such as energy, healthcare, and transportation. Users of affected versions are urged to upgrade to version 1.5, which includes fixes for these issues. The vulnerabilities were disclosed recently, and it is crucial for organizations to address them promptly to mitigate potential risks.
A serious vulnerability has been found in OpenPLC v3, which could allow authenticated attackers to write arbitrary files to the filesystem and execute malicious code. This flaw, identified as CVE-2026-14480, stems from how the legacy web user interface handles file uploads, enabling attackers to specify file names without proper validation. If exploited, it could lead to code execution under the OpenPLC runtime user, posing significant risks to critical infrastructure sectors such as manufacturing, energy, and transportation. OpenPLC v3 is now end-of-life and no longer receives security updates, making it essential for users to upgrade to OpenPLC v4 to mitigate this risk.
Schneider Electric has reported a vulnerability affecting its Easergy MiCOM Px40 Series protection relays, which are used in medium to extra high voltage applications. The vulnerability allows unauthorized exposure of device identification through the SNMP protocol, impacting various models including the Easergy MiCOM P14x, P24x, P341, and several others, all prior to specific firmware versions. This issue raises concerns for critical infrastructure sectors such as energy and manufacturing, as it could lead to unauthorized access to sensitive device information. Users are advised to implement immediate mitigations or upgrade to firmware versions that eliminate SNMP functionality to protect their systems. This situation is particularly pressing for organizations relying on these devices for operational safety and security.
Infosecurity Magazine
Wiz has identified a security flaw named GhostApproval that affects six major AI coding assistants. This vulnerability allows attackers to bypass approval processes, potentially leading to unauthorized code execution. The flaw is particularly concerning because it could enable malicious actors to exploit code without proper authorization, putting developers and their projects at risk. The affected coding assistants are widely used in the software development community, which raises alarms about the potential for widespread misuse. It's crucial for users of these tools to stay informed and take necessary precautions as more details about the flaw emerge.
Microsoft has addressed a significant vulnerability in its Defender software, identified as RoguePlanet (CVE-2026-50656). This flaw allows local attackers to escalate their privileges by exploiting the Malware Protection Engine, which is integral to Defender's malware scanning and removal functions. The vulnerability has a CVSS score of 7.8, indicating a high severity level. Users of Microsoft Defender should ensure they apply the latest security updates to protect against potential exploitation. This fix is crucial as it mitigates the risk of unauthorized access and control over affected systems, which could lead to further security breaches.
Microsoft has addressed a significant vulnerability in its Defender antivirus software, dubbed RoguePlanet, which was made public nearly a month ago. This flaw, tracked as CVE-2026-50656, has a CVSS score of 7.8, indicating a high risk of privilege escalation. It affects the Microsoft Malware Protection Engine, specifically the 'mpengine.dll' component responsible for scanning and cleaning malware. If exploited, this vulnerability could allow attackers to gain SYSTEM privileges on affected systems, posing a serious security risk. Users of Microsoft Defender are urged to apply the latest security updates to protect their systems from potential exploitation.