Articles tagged "Vulnerability"

Found 959 articles

A vulnerability in WinRAR, a popular file compression software, is being exploited by Russian and Chinese nation-state attackers, even though a patch was released last July to fix the issue. This flaw poses a significant risk, particularly to small and medium-sized businesses (SMBs), which may not have updated their software or may be unaware of the vulnerability. The fact that this exploitation is ongoing months after the patch was issued raises concerns about the security practices of many organizations. Companies using affected versions of WinRAR need to take immediate action to protect themselves from potential breaches. Staying updated with software patches is crucial, especially when attackers are targeting known vulnerabilities.

Read Original

Fortinet has confirmed a new zero-day vulnerability that is allowing attackers to exploit single sign-on (SSO) authentication for malicious logins. In response to the ongoing attacks, the company has temporarily disabled FortiCloud SSO authentication across all devices to mitigate the risk. This means that users relying on this feature for secure access may face disruptions while Fortinet works on a solution. The situation is particularly concerning as it puts sensitive information at risk and could lead to unauthorized access to critical systems. Companies using Fortinet products should monitor the situation closely and be prepared to implement any updates once they are released.

Read Original

Researchers have identified two serious vulnerabilities in n8n, an open-source workflow automation tool, that could allow attackers to execute code remotely. These flaws are related to how n8n handles its sandboxing, which is supposed to isolate code execution for security. If exploited, these vulnerabilities could let malicious actors run arbitrary code on affected systems, potentially compromising sensitive data and system integrity. Users of n8n should take this issue seriously, as it poses significant risks to any workflows that utilize the platform. It's crucial for organizations to stay updated on these types of vulnerabilities to safeguard their operations.

Read Original

Fortinet has issued patches for a serious vulnerability in its FortiOS software, identified as CVE-2026-24858, which has been actively exploited by attackers. This flaw allows unauthorized users to bypass Single Sign-On (SSO) authentication, posing a significant risk to organizations using affected systems. The vulnerability has a high CVSS score of 9.4, indicating its severity. It impacts several products, including FortiOS, FortiManager, and FortiAnalyzer. Companies utilizing these systems should prioritize applying the available patches to protect against potential breaches.

Read Original

SolarWinds has issued important security updates to address two serious vulnerabilities in its Web Help Desk software. The flaws include an authentication bypass that could allow unauthorized access and a remote command execution (RCE) vulnerability, which could enable attackers to run commands on affected systems. These issues affect users of the Web Help Desk, which is widely used in IT support environments. Organizations relying on this software need to act quickly, as these vulnerabilities could lead to significant security breaches if exploited. Users are advised to apply the updates provided by SolarWinds to mitigate these risks.

Read Original

Researchers from JFrog Security Research have identified two significant vulnerabilities in the n8n workflow automation platform. The most critical issue, tracked as CVE-2026-1470, has a CVSS score of 9.9 and involves an eval injection vulnerability that allows authenticated users to execute arbitrary code remotely. This flaw poses a severe risk, as it could potentially enable attackers to manipulate the system and access sensitive data. Users of n8n should take immediate action to secure their installations, especially those who rely on this platform for workflow automation. Prompt updates and monitoring are essential to mitigate risks associated with these vulnerabilities.

Read Original

The article discusses the ongoing risk of password reuse, which is often overlooked by security teams focused on more obvious threats like phishing or malware. Many users tend to use similar passwords across different accounts, creating a vulnerability that can be exploited by attackers. This practice allows cybercriminals to gain access to sensitive information if they compromise one account. Organizations are urged to take this risk seriously and implement stronger password policies and user education to mitigate the problem. The article emphasizes that even seemingly minor password habits can lead to significant security breaches, making it crucial for companies to address these issues proactively.

Read Original

Researchers at Koi have discovered a series of vulnerabilities known as 'PackageGate' affecting popular JavaScript package managers: NPM, PNPM, VLT, and Bun. These flaws allow attackers to bypass existing supply chain protections, potentially enabling them to execute malicious code within applications that rely on these package managers. This is particularly concerning given the widespread use of these tools in the development community, meaning that many developers and organizations could be at risk without realizing it. The vulnerabilities pose a serious threat to software integrity and the security of applications built using these package managers. Developers are urged to stay vigilant and implement necessary security measures to protect their projects.

Read Original

Fortinet has addressed a significant vulnerability tracked as CVE-2026-24858, which could allow attackers to bypass authentication and gain unauthorized access to devices linked to other FortiCloud accounts. This flaw presents a serious risk, as it enables malicious actors to potentially control devices that should be secure. Users and organizations utilizing FortiCloud services are particularly affected, as their account security could be compromised. Fortinet's swift action to patch this vulnerability is crucial to prevent exploitation and protect users' sensitive data. Companies using Fortinet products should ensure they apply the latest updates to mitigate this risk effectively.

Read Original

OpenSSL has patched 12 vulnerabilities, including a high-severity flaw that allows remote code execution. This vulnerability was identified by a cybersecurity firm and poses significant risks for users and organizations relying on OpenSSL for secure communications. Attackers could exploit this flaw to execute arbitrary code on affected systems, potentially compromising sensitive data and operations. Users and organizations should prioritize applying the latest updates to safeguard their systems against potential attacks. The patch addresses critical issues that could affect a wide range of applications and services leveraging OpenSSL, making timely remediation essential.

Read Original

A defect in WinRAR, a popular file compression tool, has been exploited by cybercriminals and nation-state groups for the past six months. This vulnerability is particularly concerning as it has been used to target sensitive sectors, including military, government, and technology organizations, primarily for espionage purposes. As attackers take advantage of this flaw, affected organizations risk data breaches and unauthorized access to sensitive information. Users of WinRAR are strongly urged to update their software to the latest version to mitigate these risks. The ongoing exploitation of this defect illustrates the persistent threat posed by both cybercriminals and state-sponsored actors in today's digital landscape.

Read Original

A newly discovered flaw in telnet servers exposes vulnerabilities in many legacy systems and Internet of Things (IoT) devices still using this outdated protocol for remote access. Despite telnet being largely replaced by more secure options, it remains in use across hundreds of thousands of devices, making them susceptible to potential attacks. Researchers have pointed out that this forgotten attack surface could allow unauthorized access to sensitive systems, putting data and operations at risk. Organizations relying on these systems need to assess their use of telnet and consider transitioning to more secure protocols to mitigate these risks. This situation underscores the importance of keeping security practices updated, even for older technologies that may still be in operation.

Read Original
Actively Exploited

A critical vulnerability has been identified in Grist-Core, a platform used for data management and collaboration. This security flaw allows attackers to escape the sandbox environment, leading to remote code execution through a malicious formula. Essentially, this means that someone could potentially run arbitrary code on the systems where Grist-Core is deployed, which poses a significant risk to users. Organizations using this software need to act quickly to protect their data and systems from exploitation. The details about the specific versions affected have not been disclosed, but the urgency of the situation suggests that immediate attention is required to prevent potential breaches.

Read Original

Researchers have discovered a critical vulnerability in the vm2 library, a popular Node.js sandbox used to execute untrusted code. This security flaw, identified as CVE-2026-22709, enables attackers to escape the sandbox environment and execute arbitrary code on the host system. This poses a significant risk to applications that rely on this library for secure code execution. Developers using vm2 should take immediate action to protect their systems, as the implications could lead to unauthorized access and control over sensitive data. It's crucial for users to stay informed about this vulnerability and implement necessary safeguards to prevent exploitation.

Read Original

SoundCloud has experienced a significant data breach, affecting nearly 30 million user accounts. Hackers accessed personal and contact information, raising concerns about user privacy and security. This breach underscores the vulnerability of online platforms to cyberattacks, highlighting the need for stronger security measures. Users whose accounts were compromised should be vigilant about potential phishing scams and consider changing their passwords. SoundCloud has not yet detailed how the breach occurred, leaving many questions about the effectiveness of their security protocols.

Read Original
PreviousPage 47 of 64Next