Vulnerabilities Archives

SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

Vulnerabilities

Ivanti Sentry Exploitation Attempts Hitting Honeypots

The critical-severity OS command injection vulnerability allows attackers to execute arbitrary code with root privileges.

Ionut Arghire1 day ago

Vulnerabilities

Chrome 149 Update Patches 28 Vulnerabilities

The browser refresh resolved critical and high-severity security defects, including a dozen use-after-free bugs.

Ionut Arghire1 day ago

Cybercrime

Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters

Oracle has mitigated CVE-2026-35273, but it has not publicly confirmed the vulnerability’s in-the-wild exploitation.

Eduard Kovacs1 day ago

Vulnerabilities

Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks

Oracle has released mitigations for CVE-2026-35273, but it has not said whether it’s a zero-day exploited in ShinyHunters attacks.

Eduard Kovacs2 days ago

Vulnerabilities

Chrome 147, Firefox 150 Security Updates Rolling Out

The browser refreshes resolve critical and high-severity vulnerabilities that could lead to arbitrary code execution.

Ionut ArghireApril 29, 2026

Vulnerabilities

Critical GitHub Vulnerability Exposed Millions of Repositories

The remote code execution flaw CVE-2026-3854 was found to impact GitHub.com and GitHub Enterprise Server.

Eduard KovacsApril 29, 2026

Vulnerabilities

No Patch for New PhantomRPC Privilege Escalation Technique in Windows

A fake RPC server can be used to listen for RPC requests and impersonate the target service to elevate privileges to System.

Ionut ArghireApril 28, 2026

Vulnerabilities

Incomplete Windows Patch Opens Door to Zero-Click Attacks

The initial vulnerability was exploited by Russia-linked APT28 in attacks against Ukraine and EU countries.

Ionut ArghireApril 27, 2026

Vulnerabilities

OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years

A code reuse issue enabled comma characters in certificate principals to be interpreted as list separators.

Ionut ArghireApril 27, 2026

Endpoint Security

Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access

A race condition in PackageKit allows unprivileged users to escalate privileges when installing packages.

Ionut ArghireApril 27, 2026

Privacy

Firefox Vulnerability Allows Tor User Fingerprinting

The vulnerability is tracked as CVE-2026-6770 and it has been patched with the release of Firefox 150 and Tor 15.0.10.

Eduard KovacsApril 27, 2026

Endpoint Security

Vulnerabilities Patched in CrowdStrike, Tenable Products

CrowdStrike has fixed a critical LogScale vulnerability, while Tenable addressed a high-severity Nessus flaw.

Eduard KovacsApril 24, 2026

Data Protection

Apple Patches iOS Flaw Allowing Recovery of Deleted Chats

Apple rolled out the security patches for dozens of iPhone and iPad models and generations.

Ionut ArghireApril 23, 2026

Vulnerabilities

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

The flaw allows attackers to access the SAM database, extract NTLM hashes, and gain System privileges.

Ionut ArghireApril 23, 2026

Artificial Intelligence

Claude Mythos Finds 271 Firefox Vulnerabilities

All the flaws could have also been found by an elite human researcher, according to Mozilla.

Eduard KovacsApril 22, 2026

Artificial Intelligence

Google Antigravity in Crosshairs of Security Researchers, Cybercriminals

Researchers discovered a remote code execution vulnerability and cybercriminals are using its reputation to deliver malware.

Eduard KovacsApril 22, 2026

Vulnerabilities

Oracle Patches 450 Vulnerabilities With April 2026 CPU

The company released 481 new security patches across 28 product families, including over 300 fixes for remotely exploitable, unauthenticated flaws.

Ionut ArghireApril 22, 2026

Vulnerabilities

Unsecured Perforce Servers Expose Sensitive Data From Major Orgs

Things are improving, but a researcher has still identified over 1,500 Perforce P4 instances allowing attackers to read files on the server.

Eduard KovacsApril 21, 2026

Vulnerabilities

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

The security defects could be exploited for remote code execution, OS command injection, and WAF detection bypass.

Ionut ArghireApril 21, 2026

Vulnerabilities

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA expanded the KEV catalog with eight flaws, but five of them have been flagged as exploited before.

Ionut ArghireApril 21, 2026

ICS/OT

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Forescout researchers discovered 20 new vulnerabilities in Lantronix and Silex products and described theoretical attack scenarios.

Eduard KovacsApril 20, 2026

Vulnerabilities

Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers

In-the-wild exploitation has been ongoing for a year, but no successful payload execution has been observed.

Ionut ArghireApril 20, 2026

Government

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Other noteworthy stories that might have slipped under the radar: ShinyHunters targets Rockstar Games, ShowDoc vulnerability exploited in the wild, and EPA to boost...

SecurityWeek NewsApril 17, 2026

Vulnerabilities

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

The remote code execution vulnerability tracked as CVE-2026-34197 came to light in early April.

Eduard KovacsApril 17, 2026

Page 7 of 424« First ‹ Previous 3 4 5 678 9 10 11 Next ›Last »

Webinar: How Modern Breaches Bypass MFA and Evade Detection

June 17, 2026

Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.

Webinar: Modern Exposure Validation in the AI Era

June 24, 2026

AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.

SECURITYWEEK NETWORK:

ICS:

Vulnerabilities

Ivanti Sentry Exploitation Attempts Hitting Honeypots

Vulnerabilities

Chrome 149 Update Patches 28 Vulnerabilities

Cybercrime

Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters

Vulnerabilities

Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks

Vulnerabilities

Chrome 147, Firefox 150 Security Updates Rolling Out

Vulnerabilities

Critical GitHub Vulnerability Exposed Millions of Repositories

Vulnerabilities

No Patch for New PhantomRPC Privilege Escalation Technique in Windows

Vulnerabilities

Incomplete Windows Patch Opens Door to Zero-Click Attacks

Vulnerabilities

OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years

Endpoint Security

Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access

Privacy

Firefox Vulnerability Allows Tor User Fingerprinting

Endpoint Security

Vulnerabilities Patched in CrowdStrike, Tenable Products

Data Protection

Apple Patches iOS Flaw Allowing Recovery of Deleted Chats

Vulnerabilities

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

Artificial Intelligence

Claude Mythos Finds 271 Firefox Vulnerabilities

Artificial Intelligence

Google Antigravity in Crosshairs of Security Researchers, Cybercriminals

Vulnerabilities

Oracle Patches 450 Vulnerabilities With April 2026 CPU

Vulnerabilities

Unsecured Perforce Servers Expose Sensitive Data From Major Orgs

Vulnerabilities

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Vulnerabilities

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

ICS/OT

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Vulnerabilities

Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers

Government

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Vulnerabilities

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

Daily Briefing Newsletter

Trending

Webinar: How Modern Breaches Bypass MFA and Evade Detection

Webinar: Modern Exposure Validation in the AI Era

People on the move

Expert Insights

After AI Reaches Production: 12 Ways Security Teams Can Take Control

Everybody Is Vibe Coding But Nobody Told the Security Team

The Zero-Knowledge Threat Actor and the End of Responsible Disclosure

Raising the Cybersecurity Stakes: Ante up for the Agentic Era

Caught Off Guard: Securing AI After It Hits Production

Daily Briefing Newsletter