Articles tagged "Vulnerability"

Found 959 articles

Microsoft has released a patch for a zero-day vulnerability in its Office software, identified as CVE-2026-21509. This flaw allows attackers to bypass certain security features, potentially putting users at risk. Reports suggest that the vulnerability may have already been exploited in targeted attacks against specific organizations. As a result, it's crucial for all users of Microsoft Office to apply this patch promptly to protect themselves from potential intrusions. The patch is part of Microsoft's ongoing efforts to enhance the security of its products and safeguard user data from malicious activities.

Read Original
Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation

The Hacker News

Actively Exploited

Microsoft has released emergency patches for a serious vulnerability in Microsoft Office, identified as CVE-2026-21509. This zero-day flaw has a CVSS score of 7.8, indicating it is a significant security risk. The vulnerability allows attackers to bypass security features by exploiting untrusted inputs, potentially leading to unauthorized access. Organizations using affected Microsoft Office products should prioritize applying these patches, as the vulnerability is currently being exploited in the wild. This situation emphasizes the need for users to stay vigilant and maintain their software up to date to protect against such threats.

Read Original

Researchers from SEC Consult have identified over 20 vulnerabilities in Dormakaba's physical access control systems, specifically those using the exos 9300 platform. These flaws could allow attackers to remotely unlock doors at major organizations, posing a significant security risk. The vulnerabilities are serious enough that they could be exploited to gain unauthorized access to sensitive areas within facilities. Organizations using Dormakaba systems should prioritize applying any patches or updates provided by the vendor to mitigate these risks. This discovery raises concerns about the security of physical access controls, which are essential for protecting sensitive locations.

Read Original

A serious vulnerability has been discovered in Appsmith, an open-source low-code application platform, tracked as CVE-2026-22794. This flaw affects the authentication process, allowing attackers to hijack user accounts. Researchers have confirmed that this vulnerability is currently being exploited in the wild, raising significant concerns for organizations using the platform. Users of Appsmith should act quickly to secure their accounts and systems to prevent unauthorized access. As the exploitation of this vulnerability poses a real threat, it’s crucial for affected users to stay informed and take necessary precautions.

Read Original
Actively Exploited

Poland's energy sector recently faced a severe cyber attack attributed to the Russian hacking group Sandworm. This incident involved a wiper malware that aimed to disrupt the functioning of the power grid, posing significant risks to the country's energy stability. Authorities have raised alarms about the potential for further attacks, as Sandworm is known for its destructive tactics and has previously targeted critical infrastructure. The implications of this attack extend beyond Poland, reflecting ongoing geopolitical tensions and the vulnerability of national infrastructures to cyber warfare. As the situation develops, experts urge energy companies to enhance their cybersecurity measures to prevent similar incidents in the future.

Read Original
Actively Exploited

A newly discovered vulnerability in VMware products allows attackers to execute remote code by sending specially crafted network packets. This critical-severity flaw poses a serious risk for organizations using affected VMware systems, as it could lead to unauthorized access and control over their networks. VMware has not specified which products are impacted, but the nature of the vulnerability suggests that any systems relying on VMware technologies could be at risk. Companies should prioritize patching their systems as soon as updates are available to prevent potential exploitation. The urgency is heightened as this vulnerability is now a target for attackers.

Read Original

Researchers have discovered a critical vulnerability in the GNU InetUtils telnet daemon (telnetd), tracked as CVE-2026-24061, which has remained unnoticed for nearly 11 years. This flaw affects all versions from 1.9.3 to 2.7 and has a high severity score of 9.8, indicating a significant risk. If exploited, attackers could gain root access to affected systems, posing a serious threat to security. This vulnerability impacts a variety of systems that rely on GNU InetUtils, making it imperative for users and organizations to address this issue promptly. As this flaw has been present for so long, it raises concerns about the security practices in place for maintaining software.

Read Original

A serious vulnerability has been discovered in all versions of GNU InetUtils telnetd, specifically those ranging from 1.9.3 to 2.7. This flaw, which allows remote attackers to bypass authentication, has gone unnoticed for nearly 11 years. Given the age of this issue, many systems may still be running vulnerable versions, putting users at risk. The discovery emphasizes the need for organizations to audit their systems and ensure they are not using outdated software. Users and administrators should take immediate action to update or patch their systems to mitigate potential exploitation.

Read Original

Recent research has revealed that attackers can now conduct more efficient intrusions targeting page caches in Linux systems. The study highlights vulnerabilities in how Linux manages memory, particularly in the page cache, which can be manipulated to access sensitive information. This development poses a risk to a wide range of Linux distributions, potentially affecting servers and workstations that rely on this operating system. As the efficiency of these attacks increases, companies and users need to be aware of the potential for data breaches and take preventive measures. It’s crucial for system administrators to stay informed and implement appropriate security protocols to mitigate these risks.

Read Original

The Global Cybersecurity Vulnerability Exploit (GCVE) initiative aims to improve how security flaws are tracked globally, promoting better collaboration among cybersecurity professionals. However, there are growing concerns about potential fragmentation within vulnerability databases. Critics warn that the introduction of duplicate entries and a decentralized approach could complicate the efforts of defenders, making it harder to manage and respond to vulnerabilities effectively. The implications of this fragmentation may lead to confusion and inefficiencies in addressing security threats, affecting organizations that rely on these databases to protect their systems. As the cybersecurity community continues to evolve, finding a balance between collaboration and centralization will be crucial to enhancing overall security.

Read Original
Actively Exploited

Hackers are actively exploiting a serious vulnerability in the GNU InetUtils telnetd server that has been around for 11 years. This flaw allows attackers to bypass authentication and gain root access, which poses a significant risk to systems still using this service. Organizations that rely on telnetd are at risk of unauthorized access, potentially leading to data breaches or system compromise. Security experts are urging affected users to address this vulnerability immediately to prevent exploitation. Given the age of the flaw, many systems might still be running unpatched versions, making them easy targets for attackers.

Read Original

GitLab has addressed a serious vulnerability in its authentication services that allowed attackers to bypass two-factor authentication (2FA). This flaw was due to an unchecked return value, which meant that if an attacker knew a target's account ID, they could submit fake device responses to gain unauthorized access. The issue is particularly concerning as it undermines a key security feature—2FA—that many users rely on to protect their accounts. GitLab has released patches to fix this vulnerability, and users are urged to update their systems promptly to ensure their accounts remain secure. This incident serves as a reminder of the importance of robust security measures in software development and the need for vigilance against potential exploits.

Read Original

A serious vulnerability has been discovered in the GNU InetUtils telnet daemon (telnetd) that has existed for nearly 11 years. This flaw, identified as CVE-2026-24061, allows attackers to bypass authentication remotely and gain root access to affected systems. It impacts all versions of GNU InetUtils from 1.9.3 to 2.7. Given its high CVSS score of 9.8, this vulnerability poses a significant risk to organizations still using these versions. Users and administrators should prioritize addressing this issue to prevent unauthorized access to their systems.

Read Original

A serious vulnerability in Appsmith has been discovered that could allow attackers to take over user accounts through a flawed password reset process. This flaw could potentially expose sensitive information and disrupt services for users relying on the platform for application development. The issue affects all users of Appsmith who utilize the password reset feature, making it a widespread concern. Security researchers are urging users to stay vigilant and take immediate action to protect their accounts. It's crucial for Appsmith to address this vulnerability quickly to prevent any further exploitation and maintain user trust.

Read Original
Actively Exploited

A serious vulnerability in SmarterTools' SmarterMail, identified as WT-2026-0001, is currently being exploited by attackers, just two days after a patch was released on January 15, 2026. Despite the urgency, the flaw has not yet been assigned a CVE identifier, which makes tracking and public awareness more challenging. This vulnerability could potentially affect organizations using SmarterMail, putting their email systems at risk. Given the rapid exploitation, companies relying on this software should prioritize applying the latest patch to safeguard their systems. Users are advised to remain vigilant and monitor their systems for any unusual activity that may indicate a breach.

Read Original
PreviousPage 48 of 64Next