Aggregator

A vulnerability classified as problematic has been found in Mattermost up to 10.11.10/11.2.2/11.3.0. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument User-Agent leads to improper validation of specified type of input. This vulnerability is referenced as CVE-2026-25783. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Mattermost up to 10.11.10/11.2.2/11.3.0. It has been classified as problematic. This affects an unknown part of the component DOC File Parser. This manipulation causes uncontrolled memory allocation. This vulnerability is registered as CVE-2026-25780. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

Are Your Machine Identities and Secrets Secure? The management of Non-Human Identities (NHIs) and secrets is a foundational aspect of robust cloud-native security. NHIs, often described as machine identities, are critical in ensuring that systems communicate safely and efficiently. Unlike human users, these identities operate behind the scenes, executing tasks with a level of efficiency […]

The post How controlled should your cloud-native AI security be appeared first on Entro.

The post How controlled should your cloud-native AI security be appeared first on Security Boulevard.

How Can Non-Human Identities Enhance Agentic AI Performance? What strategies are you employing to manage non-human identities (NHIs) within your organization? The notion of NHIs encompasses more than just machine identities; it’s about the seamless coordination between cybersecurity and R&D to secure the cloud environment. Understanding Non-Human Identities in Cybersecurity Non-human identities, or NHIs, act […]

The post Are you certain your Agentic AI optimally performs appeared first on Entro.

The post Are you certain your Agentic AI optimally performs appeared first on Security Boulevard.

How Can We Leverage Agentic AI Management to Secure Non-Human Identities? Where machine identities outnumber human users, consistently interacting within complex clouds. How do we effectively secure these digital entities to prevent cyber threats? Welcome to Non-Human Identities (NHIs) where the integration of Agentic AI management can play a pivotal role. Understanding the Complexity of […]

The post How smart is your approach to Agentic AI management appeared first on Entro.

The post How smart is your approach to Agentic AI management appeared first on Security Boulevard.

Cursor’s Composer 2 identified as Moonshot’s Kimi K2.5 exposing an AI governance gap.

The post Moonshot AI governance breakdown: Lessons from the Cursor/Kimi K2.5 incident appeared first on Security Boulevard.

LAPSUS$ claims it breached AstraZeneca, offering alleged source code, credentials, cloud configs, and employee data for sale in leaked samples.

A vulnerability labeled as problematic has been found in IBM Aspera Console up to 3.4.8. Affected by this vulnerability is an unknown functionality. Such manipulation leads to observable response discrepancy. This vulnerability is uniquely identified as CVE-2025-13460. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Apache Spark up to 3.5.6/4.0.0 and classified as critical. This vulnerability affects unknown code. Such manipulation leads to deserialization. This vulnerability is listed as CVE-2025-54920. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in zephyrproject-rtos Zephyr up to 4.3. Affected by this issue is some unknown functionality of the component Crypto Driver. Executing a manipulation of the argument length can lead to buffer overflow. This vulnerability appears as CVE-2026-0849. The physical device can be targeted for the attack. There is no available exploit.

A vulnerability labeled as problematic has been found in OpenHarmony up to 5.1.0.x. The affected element is an unknown function. Executing a manipulation can lead to type confusion. The identification of this vulnerability is CVE-2025-25277. The attack can only be executed locally. There is no exploit available.

A vulnerability marked as critical has been reported in OpenHarmony up to 5.1.0.x. The impacted element is an unknown function of the component Pre-installed Apps. The manipulation leads to out-of-bounds write. This vulnerability is referenced as CVE-2025-41432. The attack can only be performed from a local environment. No exploit is available.

A vulnerability was found in OpenHarmony up to 5.0.3.x. It has been classified as problematic. This issue affects some unknown processing. This manipulation causes improper input validation. This vulnerability appears as CVE-2025-26474. The attack requires local access. There is no available exploit.

A vulnerability was found in OpenHarmony up to 5.1.0.x. It has been declared as problematic. Impacted is an unknown function. Such manipulation leads to improper input validation. This vulnerability is traded as CVE-2025-6969. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in OpenHarmony up to 6.0. It has been rated as problematic. The affected element is an unknown function. Performing a manipulation results in memory leak. This vulnerability is known as CVE-2026-0639. Attacking locally is a requirement. No exploit is available.

A vulnerability was found in Raytha CMS up to 1.4.5 and classified as critical. This impacts an unknown function of the component .NET Component. Executing a manipulation can lead to code injection. This vulnerability is registered as CVE-2025-15540. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in HCL AION 2.0. This impacts an unknown function of the component Image Parser. Performing a manipulation results in improper authentication. This vulnerability is identified as CVE-2025-52638. The attack is only possible with local access. There is not any exploit available.

A vulnerability described as critical has been identified in OpenHarmony up to 5.1.0.x. This affects an unknown function of the component Pre-installed Apps. The manipulation results in out-of-bounds write. This vulnerability is identified as CVE-2025-52458. The attack is only possible with local access. There is not any exploit available.

Currently trending CVE - Hype Score: 10 - A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate ...

The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts. [...]