Articles tagged "Vulnerability"

Found 929 articles

Critical
New EvilTokens Attack Exposes Browser Visibility Gap in Enterprise SOCs

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

A new phishing technique known as EvilTokens is raising concerns among security operations centers (SOCs) due to its ability to conceal account takeover indicators until the attack is executed within a browser. This tactic complicates the detection of threats, leaving SOC teams struggling to validate risks quickly. As a result, organizations may face increased vulnerability to account takeovers, putting sensitive information at risk. The need for enhanced visibility into browser activity is becoming clearer, highlighting a gap in current security measures that companies need to address to protect their users and data. This incident emphasizes the ongoing challenges faced by enterprises in maintaining security in an evolving cyber environment.

Read Original

Researchers have discovered that attackers are exploiting a serious vulnerability in Langflow, identified as CVE-2026-33017, which has a CVSS score of 9.3. This flaw allows for unauthenticated remote code execution (RCE), making it a prime target for cybercriminals. In recent attacks, these hackers have been using the vulnerability to deploy a Monero cryptocurrency miner on exposed AI application endpoints. Organizations using Langflow need to be particularly vigilant as the vulnerability is actively being exploited. This situation underscores the critical need for timely updates and security measures to protect sensitive systems from unauthorized access.

Read Original
Actively Exploited

Attackers have taken advantage of a serious vulnerability in SimpleHelp's remote management tool to deliver malware, specifically TaskWeaver and Djinn Stealer. This exploit allows the malware to infiltrate systems that utilize SimpleHelp, which is commonly used for remote support and management. The incident poses a significant risk to organizations relying on this software, as it could lead to unauthorized access and data theft. Users and companies are urged to assess their systems and apply any necessary patches or updates to mitigate the threat. The exploitation of this vulnerability highlights the ongoing risks associated with remote management tools in the current cybersecurity environment.

Read Original
Actively Exploited

Nissan Americas has been impacted by a significant data breach linked to a zero-day vulnerability in Oracle’s PeopleSoft software, identified as CVE-2026-35273. This vulnerability has led to a series of attacks, with researchers connecting it to a group known as UNC6240, which is believed to be exploiting the weakness. The breach raises serious concerns about the security of sensitive employee information and operational data within Nissan Americas and potentially other organizations using the same software. As attackers continue to exploit this vulnerability, affected companies must act quickly to secure their systems and protect their data from further unauthorized access.

Read Original
Actively Exploited

The Microsoft Defender vulnerability identified as CVE-2026-33825 has been actively exploited in ransomware attacks before any patches were made available. This zero-day vulnerability poses a significant risk to users of Microsoft Defender, as attackers have been able to take advantage of this flaw to deploy ransomware. The situation is urgent, as organizations using this security software may find themselves vulnerable to data breaches and financial loss. Experts strongly recommend that all users of Microsoft Defender remain vigilant and apply any available security updates as soon as they are released to mitigate potential risks. Immediate action is crucial to protect sensitive information from being compromised by malicious actors.

Read Original

An anonymous researcher has released zero-day exploits for several software products, raising concerns among users and developers. Notably, a critical vulnerability in libssh2 (CVE-2026-55200) allows attackers to execute code remotely without authentication. Additionally, a flaw in self-hosted Gitea Docker deployments (CVE-2026-20896) permits authentication bypass, enabling attackers to impersonate users and potentially take over Git servers. This incident is significant as it exposes serious weaknesses in widely used software, which could lead to unauthorized access and data breaches if not addressed promptly. Organizations using these products should be vigilant and take immediate steps to secure their systems.

Read Original

Cyber threat intelligence provider WhoisXML API has reported a surge in newly registered domains related to the recent earthquake in Venezuela, with 212 domains registered between June 24 and June 28, 2026. This spike raises concerns about potential online scams or phishing attempts, as attackers often take advantage of natural disasters to exploit unsuspecting users. Individuals looking for information or assistance after the earthquake may inadvertently visit these malicious sites. It's crucial for users to be cautious and verify the legitimacy of websites before providing any personal information or clicking on links. This incident underscores the need for heightened awareness during crises, as cybercriminals are quick to capitalize on public interest and vulnerability.

Read Original
Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer

The Hacker News

Actively Exploited

A new security vulnerability, CVE-2026-48558, has been identified in SimpleHelp, a remote support software. This critical flaw, which has a maximum severity score of 10.0, allows attackers to bypass authentication during the OpenID Connect (OIDC) flow. As a result, these attackers have been exploiting this weakness to deploy two malware families: TaskWeaver and Djinn Stealer. The situation poses significant risks for users of SimpleHelp, as the malware could lead to data theft and further system compromises. Organizations using this software should take immediate action to secure their systems against this ongoing threat.

Read Original

Attackers are currently exploiting a vulnerability in SimpleHelp, identified as CVE-2026-48558, which allows for an authentication bypass. This vulnerability has been patched, but it is actively being used to deploy Djinn Stealer malware on victim systems. Djinn Stealer is a versatile piece of malware that targets various operating systems, including Windows, macOS, and Linux. It collects sensitive credentials from a wide range of applications, including cloud services, source control, and cryptocurrency wallets. The situation poses a significant risk to users of SimpleHelp, particularly managed service providers, as the malware can compromise sensitive data and systems.

Read Original

The Blackfield ransomware group has targeted Nidec Corporation, a major Japanese manufacturer known for its electronic components used in automotive and computing applications. They are demanding a ransom of $2 million, indicating a serious breach that could impact the company's operations and supply chain. This incident raises concerns about the vulnerability of manufacturers in critical sectors to ransomware attacks, which can disrupt production and lead to financial losses. The situation is still developing, and it remains to be seen how Nidec will respond to this threat. Companies in similar industries should take note and ensure their cybersecurity measures are robust to prevent such attacks.

Read Original

A serious vulnerability, identified as CVE-2026-46817, has been discovered in Oracle E-Business Suite, allowing remote attackers to gain unauthorized access to Oracle Payments. This flaw has a high severity rating of 9.8 on the CVSS scale and is currently being exploited in real-world attacks, according to cybersecurity firm Defused Cyber. Organizations using Oracle E-Business Suite need to be particularly vigilant, as this vulnerability can lead to significant financial and operational risks. The situation is critical, and immediate action is necessary to protect sensitive payment information and other related data from unauthorized access. Users and administrators should prioritize addressing this vulnerability to mitigate potential breaches.

Read Original

A serious vulnerability in SimpleHelp has been exploited by attackers to deliver malware aimed at stealing sensitive information. The attackers are targeting credentials, SSH keys, cryptocurrency wallets, and development tools, which could have significant implications for individuals and organizations using this software. Users of SimpleHelp should be particularly cautious as this vulnerability is actively being exploited in the wild. The situation highlights the need for users to stay updated on security patches and to implement additional security measures to protect their assets. As of now, specific remediation steps have not been detailed, but users are advised to monitor for updates from SimpleHelp regarding this issue.

Read Original
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

The Hacker News

Actively Exploited

A serious vulnerability affecting Oracle E-Business Suite, identified as CVE-2026-46817, is currently being exploited by attackers. This flaw, which has a CVSS score of 9.8, relates to improper privilege management and authentication issues in Oracle Payments. If exploited, this vulnerability could allow unauthorized users to take control of affected instances, posing a significant risk to organizations using the software. The situation calls for immediate attention, as the vulnerability is actively being targeted in the wild. Companies using Oracle E-Business Suite should prioritize addressing this flaw to protect their systems and data from potential breaches.

Read Original

The National Institute of Standards and Technology (NIST) has decided to reduce the number of Common Vulnerabilities and Exposures (CVEs) it closely analyzes. This change has had mixed outcomes, as researchers have noted that while it may streamline some processes, it also affects the coverage and accuracy of vulnerability assessments. Fewer CVEs being examined could lead to gaps in understanding the full scope of vulnerabilities that organizations face. This is particularly concerning for companies that rely on NIST's assessments to prioritize security efforts. The decision raises questions about how effectively NIST can support the cybersecurity community with reduced resources dedicated to CVE analysis.

Read Original
Actively Exploited

Researchers have discovered a new class of weak RSA keys that are being used in various systems. These weak keys show a distinct pattern of regularly spaced blocks of zeros, making them more susceptible to attacks. This vulnerability could put many systems at risk, as RSA is widely used for securing communications and data. Organizations using these weak keys should take immediate action to replace them with stronger alternatives to prevent potential exploitation. The presence of these keys in the wild raises concerns about the overall security of encrypted communications and the need for better key management practices.

Read Original
PreviousPage 8 of 62Next