All Malware Data Breach Privacy APT Vulnerability General
The Hacker News Vulnerability

11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard. "An attacker exploiting one of these vulnerable applicatio

The Hacker News Vulnerability

SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data

SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP NetWeaver Application Server ABAP. The vulnerability in question is CVE-2026-44747 (CVSS score: 9.9), an out-of-bounds write flaw that allow

The Hacker News Vulnerability

Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

Microsoft shipped its largest Patch Tuesday on record today, and two of the fixes close holes that attackers are already exploiting. The release covers 622 of Microsoft's own CVEs by its Security Update Guide count, more than triple June's previous high of around 200. Those two

The Hacker News Vulnerability

Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances, one of which could be exploited to achieve arbitrary command execution. The vulnerabilities are listed below - CVE-2026-15409 (CVSS score:

Kaspersky Vulnerability

Beware of the license manager: how a Schneider Electric software vulnerability puts industrial facilities at risk

Analysis of CVE-2024-2658 as found in Schneider Electric's Floating License Manager. Discover how this FlexNet Publisher vulnerability potentially allows attackers to escalate to NT AUTHORITY\SYSTEM privileges and expand their foothold; learn how to mitigate the risk.

Kaspersky Vulnerability

Threat landscape for industrial automation systems. Q1 2026

This report contains industrial threat statistics for Q1 2026, including industrial threat distribution by type, source, region and industry.

Unit42 Vulnerability

Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257

We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257. The post Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 appeared first on Unit 42.

Unit42 Vulnerability

Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE

Unit 42 discovered a Vertex AI Python SDK vulnerability that allows remote code execution via bucket squatting. Read the article for more. The post Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE appeared first on Unit 42.

Unit42 Vulnerability

The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration

Unit 42 research details how attackers could exploit global name uniqueness in bucket hijacking to redirect cloud data streams across major CSPs. The post The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration appeared first on Unit 42.

Unit42 Vulnerability

Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector

Attackers can exploit LLM domain hallucinations through phantom squatting to target supply chains. Read the analysis to learn more. The post Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector appeared first on Unit 42.

Mandiant Vulnerability

GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access

Executive Summary Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial work

Krebs on Security Vulnerability

Patch Tuesday, May 2026 Edition

Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used s

Prev 1 2 3 4 5 ... 19 Next