Articles tagged "Vulnerability"

Found 929 articles

A researcher has identified several vulnerabilities in Indian government systems, with one particularly alarming flaw that could have allowed unauthorized users to take control of a national government portal. This breach raises serious concerns about the security of sensitive government data and the potential for misuse by malicious actors. If exploited, these vulnerabilities could compromise personal information of citizens and disrupt essential government services. The findings emphasize the need for immediate action to secure these systems and protect public data from potential breaches. As the situation develops, it is crucial for the government to address these vulnerabilities swiftly to maintain public trust and ensure the safety of its digital infrastructure.

Read Original

This week, a new vulnerability named DirtyClone was discovered in the Linux kernel, allowing local attackers to escalate privileges. This flaw emphasizes how even minor oversights, such as unpatched vulnerabilities or outdated access paths, can lead to significant security breaches. The threat is particularly concerning for users of affected Linux distributions, as attackers could potentially exploit this vulnerability to gain unauthorized access to sensitive systems. Additionally, discussions are underway in various forums about other emerging threats, including AI-driven malware tactics and the Turla backdoor, which could further complicate the security landscape. Organizations are urged to stay vigilant and apply necessary updates to protect against these risks.

Read Original

Hackers are taking advantage of a serious vulnerability (CVE-2026-48558) in SimpleHelp, a remote support software, to deploy a new type of malware known as Djinn Stealer. This malware is capable of stealing information across multiple operating systems, including Windows, macOS, and Linux. Users of SimpleHelp are at risk as the flaw allows attackers to infiltrate systems and extract sensitive data without detection. The emergence of this undocumented malware raises concerns about the security of remote support tools, as they are commonly used by businesses and individuals for remote access. It is crucial for users to remain vigilant and apply any necessary updates to protect their information.

+1 more
Read Original
Actively Exploited

Hackers are actively exploiting a serious vulnerability, identified as CVE-2026-46817, in the Oracle E-Business Suite (EBS) financial application. This flaw poses a significant risk to businesses using the software, as it allows unauthorized access to sensitive financial data. Threat intelligence firm Defused reported that the attacks are already underway, making it crucial for organizations to take immediate action to protect their systems. Users of Oracle EBS should prioritize updating their software and implementing any available security patches to mitigate the risk of exploitation. The urgency of this situation highlights the ongoing need for vigilance in cybersecurity practices, especially for widely used enterprise applications.

Read Original
Actively Exploited

A data breach has occurred at the National Association of Insurance Commissioners (NAIC) after attackers exploited a zero-day vulnerability in Oracle Peoplesoft. This breach allows unauthorized access to the IT systems used by the NAIC, which plays a crucial role in setting standards for the US federal insurance framework. The incident raises serious concerns about the security of sensitive information within the insurance sector, as the NAIC handles critical data that impacts consumers and insurance providers alike. The exploitation of this vulnerability serves as a stark reminder of the ongoing risks associated with software used in government and financial sectors. Stakeholders need to be vigilant and assess their systems for potential vulnerabilities to prevent similar incidents in the future.

Read Original

A recently released proof-of-concept has exposed a serious vulnerability, CVE-2026-55200, in the libssh2 library, which is widely used for client-side SSH connections. This flaw allows a malicious SSH server to cause memory corruption on a client connecting to it, potentially leading to code execution without needing user credentials or interaction. The vulnerability impacts all versions of libssh2 up to 1.11.1 and has been rated with a CVSS score of 9.2, indicating its severity. Users of affected versions are at risk of exploitation, making it crucial for them to take immediate action. Given the nature of this flaw, it poses a significant threat to systems relying on libssh2 for secure connections.

Read Original

KDDI Corporation has reported a significant data breach that affects up to 14.2 million email accounts belonging to users of six Japanese internet service providers. The breach occurred due to attackers exploiting a vulnerability in third-party software used by the company. KDDI, one of Japan's largest telecommunications firms, has a large user base, making this breach particularly concerning. Users of the affected email accounts may face risks such as identity theft and unauthorized access to personal information. The incident raises questions about the security of third-party software and the measures companies take to protect sensitive user data.

Read Original

Recently, two proof-of-concept (PoC) exploits for vulnerabilities in the Linux kernel have been published, enabling local privilege escalation. One of these flaws is known as DirtyClone, which is related to the DirtyFrag vulnerability class. These vulnerabilities could allow attackers with local access to escalate their privileges, potentially gaining control over sensitive system functions. This is particularly concerning for systems that rely heavily on Linux, as it could lead to unauthorized access to critical data and services. Users and administrators should be aware of these vulnerabilities and take necessary precautions to secure their systems against potential exploitation.

Read Original

The National Association of Insurance Commissioners (NAIC) has confirmed that it was the target of a cyberattack claiming a massive data theft of 3.1TB. The breach was linked to a zero-day vulnerability in Oracle PeopleSoft, a widely used enterprise resource planning software. The hacking group ShinyHunters has taken responsibility for the incident, raising concerns about the security of sensitive data within the insurance sector. As a result, companies using Oracle PeopleSoft should assess their systems and consider implementing necessary security measures to protect against such vulnerabilities. This incident highlights the ongoing risks associated with software vulnerabilities and the importance of timely patches and updates.

Read Original

Curl has released an update addressing 18 vulnerabilities, including a significant bug that has existed since 2001. The oldest vulnerability, tracked as CVE-2026-8932, was identified through AI-assisted analysis and is related to versions of Curl dating back to March 2001. This update is crucial for users of Curl, which is widely used in various applications for transferring data. The vulnerabilities could potentially allow unauthorized access or manipulation of data, making it essential for developers and system administrators to apply the latest patches. Users are encouraged to update their Curl installations to ensure they are protected against these security issues.

Read Original
Actively Exploited

Polymarket, an online prediction market platform, reported a significant security incident that resulted in approximately $3 million in losses for its customers. This breach occurred when attackers injected a malicious script into Polymarket's frontend, exploiting a vulnerability in a third-party vendor's systems. As a result, user accounts were compromised, leading to unauthorized access and theft of funds. Polymarket has stated that it will fully reimburse affected customers, which is a crucial step in maintaining trust with its user base. This incident emphasizes the risks associated with relying on third-party services and highlights the importance of robust security measures in online platforms.

Read Original

A serious vulnerability in Amazon Q Developer was discovered, allowing malicious repositories to execute commands and potentially steal cloud credentials from developers. This flaw, tracked as CVE-2026-12957, received a CVSS score of 8.5, indicating its severity. The issue stemmed from the way Amazon's AI coding assistant interacted with Model Context Protocol (MCP) servers. Developers could unknowingly expose their credentials simply by opening a compromised repository and trusting its workspace. Amazon has since patched the vulnerability, emphasizing the need for developers to be cautious when dealing with untrusted code repositories.

Read Original

A newly discovered vulnerability in the Linux kernel, identified as CVE-2026-46331 and dubbed 'pedit COW', poses a significant risk by allowing unprivileged local users to gain root access on affected systems. This flaw resides in the traffic-control subsystem, specifically in the packet-editing action (act_pedit), which can lead to an out-of-bounds write that corrupts shared page-cache memory. The public release of a working exploit occurred just a day after the vulnerability was disclosed on June 16, raising concerns about its potential for exploitation. Red Hat has classified this flaw as important, emphasizing the urgency for users to assess their systems and apply necessary security measures. Given the rapid emergence of exploits, organizations using Linux systems should prioritize patching and monitoring for unusual activity to mitigate the risk of unauthorized access.

Read Original

A new privilege escalation vulnerability in the Linux kernel, known as DirtyClone, has been identified, allowing local users to gain root access by exploiting corrupted file-backed memory through cloned network packets. This flaw, tracked as CVE-2026-43503, has a CVSS score of 8.8, indicating a high severity level. JFrog Security Research demonstrated a working exploit for this vulnerability on June 25, marking the first public showcase of its kind. Users and organizations running affected Linux systems should be aware of the potential risks this flaw poses, as it can be exploited to take control of systems if not addressed promptly. A patch has been released to mitigate this issue, and users are encouraged to apply it as soon as possible to protect their systems.

Read Original

A group of hackers linked to China has been targeting critical infrastructure across Southeast Asia using a new backdoor known as TinyRCT. This custom malware is designed to infiltrate and compromise systems that are vital for national security and public services. While specific details about the affected sectors are limited, the implications of such attacks are severe, potentially disrupting essential services like electricity, water supply, and transportation. Researchers emphasize the need for heightened security measures in these sectors to mitigate risks. The ongoing nature of these attacks raises concerns about the vulnerability of infrastructure to foreign cyber threats, making it crucial for organizations to stay vigilant and proactive in their cybersecurity strategies.

Read Original
PreviousPage 9 of 62Next