Aggregator

Menlo Security research warns that as enterprise applications become increasingly browser based, traditional cybersecurity tools leave them vulnerable to cyber threats

MaaS trojan SilabRAT uses HVNC and browser cloning to hijack sessions and steal crypto

Australia's second-largest sugar producer said on Wednesday that it was responding to a cybersecurity incident affecting parts of its operations and had engaged cybersecurity experts and local authorities to investigate the attack and restore its systems safely.

ServiceNow applied a security update after an API access issue exposed customer data, with affected firms notified through direct support cases.

Windows administrators should quickly deploy Microsoft’s June 9, 2026 security updates to fix a newly disclosed zero‑day in the Windows Collaborative Translation Framework (CTFMON), tracked as CVE‑2026‑45586. The flaw allows a local attacker with low privileges to escalate to SYSTEM, making it a valuable post‑exploitation primitive for threat actors. Windows CTF 0-Day Vulnerability CVE‑2026‑45586 is […]

The post Windows Collaborative Translation Framework 0-Day Vulnerability Allows Privilege Escalation appeared first on Cyber Security News.

Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It's tracked as CVE-2026-25089 (CVSS score: 9.1). "An

A vulnerability described as problematic has been identified in Jenkins up to 2.554.x. This affects an unknown function of the component Redirect URL Handler. The manipulation results in open redirect. This vulnerability was named CVE-2026-53437. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Jenkins up to 2.554.x. Affected is an unknown function. Such manipulation leads to permission issues. This vulnerability is referenced as CVE-2026-53438. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, was found in Jenkins up to 2.554.x. Affected by this issue is some unknown functionality. Executing a manipulation can lead to permission issues. This vulnerability is tracked as CVE-2026-53439. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability has been found in Jenkins up to 2.554.x and classified as problematic. This affects an unknown part of the component Servlet Container Handler. The manipulation of the argument from leads to open redirect. This vulnerability is listed as CVE-2026-53440. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Jenkins up to 2.554.x and classified as critical. This vulnerability affects unknown code of the file config.xml of the component Controller File System Handler. The manipulation results in permission issues. This vulnerability is cataloged as CVE-2026-53442. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Jenkins up to 2.482/2.554.x. It has been rated as problematic. The affected element is an unknown function of the file config.xml of the component Description Handler. Performing a manipulation results in cross site scripting. This vulnerability is reported as CVE-2026-53441. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability described as critical has been identified in pipecat-ai pipecat up to 1.1.x. The affected element is an unknown function of the file src/pipecat/runner/run.py of the component HTTP Request Handler. Such manipulation of the argument path leads to path traversal. This vulnerability is documented as CVE-2026-44716. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in nimiq core-rs-albatross up to 1.3.x. It has been classified as problematic. This affects the function Ed25519PublicKey::delinearize of the file keys/src/multisig/mod.rs. Performing a manipulation results in reachable assertion. This vulnerability was named CVE-2026-46542. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

Анонс новых функций Apple Intelligence для вашей повседневной жизни.

A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations. "The 'POST /api/v2/

The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reconnaissance efforts. [...]

在 Node.js 生态系统发生了一系列严重安全事件之后，npm 管理工具的下一个大版本 v12 将在安全方面进行重大调整：除非明确允许，npm install 不再自动执行依赖项的 preinstall、install、postinstall 脚本。来自 Git、文件和链接依赖项的准备脚本也会以同样的方式被阻止。npm v12 将于 2026 年 7 月推出。

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a newly discovered zero-day vulnerability in Google Chromium that is actively being exploited in the wild. The flaw, tracked as CVE-2026-11645, affects the Chromium V8 JavaScript engine and could allow attackers to execute arbitrary code within a browser sandbox. According to […]

The post CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks appeared first on Cyber Security News.