Articles tagged "Vulnerability"

Found 953 articles

A recent analysis has revealed that MCP (Machine Control Protocol) introduces a hidden attack surface that can jeopardize zero-trust security frameworks. Researchers have identified that this backdoor can be exploited by attackers, creating vulnerabilities in systems that rely on zero-trust architectures to secure sensitive data. Companies using MCP in their infrastructure may find themselves at risk, as the protocol's design leaves gaps that could be targeted. This situation raises significant concerns for organizations aiming to implement stringent security measures, as it highlights the need for a thorough review of their security protocols. Addressing these vulnerabilities is crucial to maintaining trust and security in digital environments.

Read Original

A security researcher has discovered a vulnerability in WhatsApp that allows users to bypass the app's 'View Once' feature, which is designed to make images and videos disappear after being viewed. This issue arises from the use of a modified client application, and Meta, the parent company of WhatsApp, has stated it will not release a patch for this vulnerability. The decision not to address the flaw raises concerns about user privacy, as it undermines the security feature intended to protect sensitive media. Users who rely on this feature for confidential communications may be at risk of having their private content saved and shared without consent. The vulnerability's existence highlights the potential for modified applications to exploit weaknesses in popular messaging platforms.

Read Original
Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit

The Hacker News

A significant security vulnerability, identified as CVE-2026-3888, has been discovered in default installations of Ubuntu Desktop versions 24.04 and later. This flaw allows unprivileged local attackers to escalate their privileges to root access, potentially giving them complete control over the affected systems. With a CVSS score of 7.8, this high-severity issue poses a serious risk to users who have not applied necessary security measures. It is crucial for Ubuntu users to be aware of this vulnerability, as it could lead to unauthorized access and manipulation of sensitive data. Immediate action is recommended to safeguard systems against potential exploitation.

Read Original
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23

The Hacker News

Researchers have identified a severe vulnerability in the GNU InetUtils telnet daemon, known by its CVE identifier CVE-2026-32746. This flaw allows unauthenticated attackers to execute arbitrary code with root privileges through Telnet connections on port 23. With a CVSS score of 9.8, this vulnerability poses a significant risk to systems using the affected telnetd. The issue arises from an out-of-bounds write in the LINEMODE Set, which could be exploited easily by attackers. Organizations using this software need to take immediate action to secure their systems, as the implications of this flaw could lead to unauthorized access and control over critical infrastructure.

Read Original
Actively Exploited

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a vulnerability in the Wing FTP Server software that is currently being exploited. This flaw enables low-privileged attackers to access the complete local installation path of the software, which could lead to further exploitation or data breaches. Users of Wing FTP Server need to be particularly vigilant, as this vulnerability could allow malicious actors to gain insights into the server's configuration and potentially exploit other weaknesses. Companies using this software should ensure they are taking appropriate measures to secure their systems and monitor for any suspicious activity. Immediate action is crucial to mitigate the potential risks associated with this vulnerability.

Read Original
Actively Exploited

Researchers have discovered a serious vulnerability in Android that allows attackers to hijack mobile payment applications using a technique called LSPosed-based runtime manipulation. This attack can bypass security measures such as SIM binding, which is intended to protect users' financial transactions. As a result, anyone using affected payment apps could be at risk of fraud and unauthorized transactions. This incident highlights the ongoing challenges in mobile security, especially for users who rely on their devices for financial activities. Users should be cautious and consider reviewing their app security settings until further protections are implemented.

Read Original

The UK Companies House has acknowledged a security vulnerability that potentially exposed sensitive details of millions of businesses. This flaw could allow unauthorized individuals to access company information and modify official records. The agency has confirmed that the issue could have serious implications for the integrity of business data in the UK, raising concerns about identity theft and fraud. As Companies House holds critical information about registered companies, this exposure poses a significant risk to both businesses and consumers. Authorities are urging companies to remain vigilant and review their security practices in light of this breach.

Read Original

Researchers have identified a security vulnerability called 'CursorJack' that affects the Cursor IDE, a development environment used for coding, particularly in AI projects. This flaw allows attackers to exploit malicious deeplinks, which can lead to unauthorized code execution if users inadvertently approve these links. The risk is significant because it can compromise the integrity of the code being developed, potentially leading to the introduction of harmful code into applications. Developers using the Cursor IDE should be aware of this vulnerability and take precautions to avoid falling victim to such attacks. The implications extend beyond individual users, as compromised code could lead to broader security issues in applications that rely on this development environment.

Read Original
Actively Exploited

Researchers have identified a new font-rendering attack that can trick AI tools into overlooking malicious commands embedded in seemingly harmless HTML on webpages. This technique manipulates how text is displayed, making it difficult for AI assistants to recognize and respond to the hidden threats. The attack poses a significant risk, as it can be used to bypass security measures and deliver harmful instructions without triggering alerts. Users and organizations relying on AI for automated tasks or security monitoring need to be aware of this vulnerability, as it could lead to unauthorized actions or data breaches. The discovery emphasizes the need for enhanced scrutiny of web content, especially as AI tools become more integrated into everyday applications.

Read Original

The Cybersecurity and Infrastructure Security Agency (CISA) has alerted U.S. government agencies about a vulnerability in Wing FTP Server that is currently being exploited in attacks. This flaw could potentially allow attackers to execute remote code, raising the risk of severe security breaches. Organizations using this software need to take immediate action to secure their systems, as the vulnerability could be linked to more extensive exploitation tactics. The warning is particularly urgent for agencies that manage sensitive data, as the consequences of an attack could be significant. It's crucial for affected users to stay vigilant and apply any available security measures to mitigate risks.

Read Original
Companies House Restores WebFiling After Flaw Exposed Director Details

Hackread – Cybersecurity News, Data Breaches, AI and More

Companies House, the UK's official register of companies, recently addressed a significant flaw in its WebFiling service. This vulnerability allowed unauthorized users to not only view sensitive director details but also modify company records. The issue prompted Companies House to take the service offline temporarily while they worked on a fix. After resolving the flaw, the WebFiling service was restored, but the incident raises concerns about the security of sensitive corporate information. Users and companies relying on this service need to be aware of the potential risks associated with such vulnerabilities.

Read Original

Recent vulnerabilities in CrackArmor's AppArmor have been discovered, allowing local users of Linux systems to escalate their privileges to root access. This flaw not only compromises the host system but also allows attackers to break out of container environments and launch denial-of-service (DoS) attacks. The implications are significant for any organization relying on Linux, as it increases the risk of unauthorized access and system disruption. Users should be particularly vigilant if they are running systems with AppArmor enabled, as these vulnerabilities could lead to severe security incidents if exploited. Immediate action is advised to mitigate potential risks associated with these flaws.

Read Original
Actively Exploited

A recent security flaw in the AWS Bedrock Code Interpreter has raised concerns among cloud users. This vulnerability involves a DNS-based attack that allows AI sandboxes to exfiltrate sensitive data from cloud environments. The issue affects AWS Bedrock's AgentCore, which is crucial for running AI applications in a secure environment. Companies using AWS Bedrock services need to be aware of this vulnerability as it could potentially expose their data to unauthorized access. This incident underscores the need for enhanced security measures in cloud-based AI applications.

Read Original
‘CrackArmor’ Vulnerability in AppArmor Impacts 12.6M Linux Systems

Hackread – Cybersecurity News, Data Breaches, AI and More

Security researchers at Qualys have identified a vulnerability known as 'CrackArmor' in AppArmor, a security tool used to restrict the capabilities of applications on Linux systems. This flaw affects approximately 12.6 million Linux systems, potentially allowing attackers to gain root access and escape from containers. Such a breach can lead to unauthorized control over affected systems, posing significant risks to data integrity and system security. Users of Linux systems, especially those employing AppArmor for security, should take this issue seriously and stay informed about potential exploits. The discovery underscores the need for regular system updates and vigilance against emerging vulnerabilities.

Read Original
Critical
SQL Injection Vulnerability in Ally WordPress Plugin Exposes 200K+ Sites

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

A serious SQL injection vulnerability has been discovered in the Ally WordPress plugin, putting over 200,000 websites at risk of data theft. This flaw allows attackers to manipulate database queries, potentially exposing sensitive user information. Although a patch has been released to fix the issue, many installations remain unpatched and therefore vulnerable. Website owners are urged to apply the update as soon as possible to protect their sites and users. The ongoing risk highlights the importance of timely software updates in safeguarding against cyber threats.

Read Original
PreviousPage 40 of 64Next