Topic: security vulnerabilities
-
Critical SolarWinds Serv-U Flaws Grant Root Server Access
SolarWinds has released critical security patches for its Serv-U file transfer software to fix four vulnerabilities that could allow remote code execution and full administrative takeover of servers. All four flaws require the attacker to already have high-privilege access, limiting exploitation ...
Read More » -
Anthropic's Official Git MCP Server Exposes Prompt Injection Bugs
Critical vulnerabilities were discovered in Anthropic's official Git server for its Model Context Protocol (MCP), exploitable via prompt injection attacks to manipulate AI assistants into unauthorized actions. The flaws, present in default installations, allow attackers to execute code, delete fi...
Read More » -
Microsoft Patches 56 Flaws, Including Two Zero-Days Under Active Attack
Microsoft's final 2025 security update patches 56 vulnerabilities, including three critical flaws, with two already being actively exploited. The most urgent fix is for CVE-2025-62221, a privilege escalation flaw in Windows that is under active attack and requires prompt patching. Other significa...
Read More » -
Freedom Chat App Exposed Users' Phone Numbers and PINs
Freedom Chat, a privacy-focused messaging app, fixed two major vulnerabilities that allowed attackers to identify registered users' phone numbers and exposed their app-lock PINs to other users in public channels. Security researcher Eric Daigle discovered the flaws, which included weak server pro...
Read More » -
Fortinet warns of critical FortiCloud SSO auth bypass flaw
Fortinet has patched two critical authentication bypass vulnerabilities (CVE-2025-59718 & CVE-2025-59719) in several products, which could allow attackers to gain unauthorized access via a crafted SAML message. The affected FortiCloud SSO feature is not enabled by default on new devices, but it i...
Read More » -
DJI Pays $30K to Hacker Who Exposed 7,000 Robovac Flaws
A security researcher discovered a major flaw in DJI's Romo robot vacuum network, exposing around 7,000 devices to potential remote access and viewing into private homes. DJI confirmed a $30,000 reward, has patched one vulnerability, and is implementing a broader system upgrade to address more se...
Read More » -
Brave Exposes Critical AI Browser Security Flaws
Brave uncovered critical security flaws in AI browsers like Perplexity Comet and Fellou, where malicious websites can hijack AI assistants to access sensitive user accounts and data through indirect prompt injection attacks. These vulnerabilities allow attackers to embed hidden commands in webpag...
Read More » -
HPE Issues Critical Alert for AOS-CX Admin Password Reset Flaw
HPE has released critical security patches for its Aruba AOS-CX operating system, addressing multiple vulnerabilities including a severe authentication bypass (CVE-2026-23813) in the web management interface. For immediate protection, HPE recommends isolating management interfaces on a dedicated ...
Read More » -
Hackers Exploit Critical Microsoft Zero-Day Bugs in Windows, Office
Microsoft has released critical patches for actively exploited zero-day vulnerabilities in Windows and Office, including a severe flaw (CVE-2026-21510) in the Windows shell that bypasses the SmartScreen security filter. A second critical vulnerability (CVE-2026-21513) exists in the legacy MSHTML ...
Read More » -
Microsoft's Valentine's Day Patch: 6 Critical Zero-Day Fixes
Microsoft's February security update patched 59 vulnerabilities, with six actively exploited as zero-days before the fix, indicating a more aggressive threat landscape. Among the critical flaws patched were high-severity security feature bypasses in Windows Shell and Internet Explorer, which coul...
Read More » -
OpenClaw's AI Evolution Alarms Cybersecurity Experts
The OpenClaw AI project has rapidly evolved from a niche tool into a viral phenomenon, shifting from reactive chatbots to autonomous systems that proactively perform tasks on a user's device, raising significant security alarms. Its explosive growth has outpaced security vetting, creating major r...
Read More » -
Docker Hardened Images: Now Affordable for Small Businesses
Docker now offers unlimited access to its Hardened Images catalog through an affordable subscription, making secure, vulnerability-checked container images accessible to startups and small businesses with a 30-day free trial. These images are built from source code, stripped of non-essential comp...
Read More » -
Ox Security Raises $60M to Boost Code Vulnerability Scanning
Ox Security, a platform for detecting vulnerabilities in AI-generated and traditional code, raised $60 million in Series B funding, led by DTCP with support from IBM Ventures and Microsoft, totaling $94 million in funding. Founded by ex-Check Point engineers, Ox Security scans code for threats, s...
Read More » -
Microsoft Patches Critical Zero-Day Exploits
Microsoft's latest security update patches 79 vulnerabilities, including two publicly disclosed zero-day exploits, requiring urgent attention from IT teams. One critical zero-day (CVE-2026-21262) is a high-severity privilege escalation flaw in SQL Server, posing a risk to exposed instances, while...
Read More » -
Over 40,000 OpenClaw Instances Found Exposed Online
Over 40,000 publicly exposed OpenClaw AI instances have been discovered, granting attackers the same access to systems and data as the AI agent itself. Exploitation is active, with many instances linked to prior breaches and vulnerabilities, including critical remote code execution flaws that all...
Read More » -
Code Formatting Sites Leak User Secrets and Credentials
Popular online code formatting platforms like JSONFormatter and CodeBeautify are leaking sensitive user data, including passwords and API keys, through publicly accessible links due to predictable URL patterns. Security researchers found over 80,000 exposed entries containing critical information...
Read More » -
Critical Flaws Exposed in Smart Air Compressor
Smart air compressors like the CAT-10020SMHAD with MDR2i controllers offer digital convenience but introduce cybersecurity risks, including vulnerabilities that could disrupt operations or manipulate data. Security flaws identified include hardcoded Wi-Fi passwords, unencrypted HTTP communication...
Read More » -
Claude for Chrome Enters Beta, Prompt Injection Risks Loom
Anthropic has launched a beta Chrome extension for its Claude AI assistant, allowing it to perform web-based tasks like scheduling and form completion, with initial access limited to 1,000 premium users to address security risks. The extension faces significant security vulnerabilities, such as p...
Read More » -
Viral AI Assistant Sparks Data Security Concerns
The Moltbot AI assistant's deep system integration and popularity pose severe security risks, as its power can lead to leaks of sensitive corporate and personal data if deployments are not properly secured. Insecure enterprise deployments are common, often due to misconfigured proxies that expose...
Read More » -
Microsoft Copilot Hijacked in Reprompt Attack for Data Theft
The "Reprompt" attack is a cybersecurity threat that allows attackers to hijack a user's Microsoft Copilot session via a malicious link, exploiting a vulnerability where Copilot automatically executes prompts from a URL parameter. The attack uses three techniques—Parameter-to-Prompt injection, a ...
Read More » -
Android's December 2025 Security Patch: A Major Update
Google's December 2025 Android Security Bulletin details numerous critical vulnerabilities, including a severe flaw in the Android Framework that could enable remote denial-of-service attacks without special privileges. The update addresses high-severity system and kernel-level vulnerabilities th...
Read More » -
AI-Generated Code: The Hidden Cost of Human Cleanup
AI-generated code now accounts for about a quarter of production code but introduces new vulnerabilities, with many organizations experiencing security incidents due to flaws in this automated output. Accountability for security breaches involving AI-generated code is unclear, as responsibility i...
Read More » -
AI Uncovers Hidden Bugs in Decades-Old Code
AI can uncover long-hidden vulnerabilities in legacy software, demonstrating a powerful dual-use capability for both security enhancement and potential weaponization by malicious actors. While AI complements traditional security tools by reasoning about system functions to identify novel attack p...
Read More » -
Major Password Managers Have Design Flaws Enabling Vault Attacks
A security analysis reveals significant design vulnerabilities in major cloud-based password managers (Bitwarden, LastPass, Dashlane, 1Password), challenging their "zero-knowledge" encryption claims and potentially allowing full vault compromise. The vulnerabilities stem from common architectural...
Read More » -
Password Managers Can Sometimes See Your Vaults
Password managers rely on a "zero knowledge" encryption model, promising that service providers cannot access user data, but recent research shows this guarantee can be compromised under specific conditions. Security researchers found vulnerabilities not in the core encryption, but in common conv...
Read More » -
Your Car's Browser Is a Cyber Risk
Integrated browsers in devices like cars and smart TVs are often unpatched for years, creating significant security vulnerabilities and enabling phishing attacks. A study using crowdsourced testing found many newly released devices contain browsers several years out of date, with manufacturers fr...
Read More » -
Ditch Your Router's USB Port: What Tech Pros Use Instead
Security experts strongly advise against using a router's USB port due to outdated, insecure protocols like FTP and SMBv1, which can expose your network to data breaches and unauthorized access. Using a router's USB port for file sharing often degrades network performance, causing slower internet...
Read More » -
Apple Boosts Bug Bounty to $2 Million for Critical Exploits
Apple is increasing its bug bounty rewards to up to $2 million for critical exploit chains, aiming to secure its ecosystem of over 2.35 billion active devices and incentivize researchers to report severe vulnerabilities directly. The program includes bonuses for bypassing Lockdown Mode or finding...
Read More » -
Urgent: Hackers Exploit Unpatched Oracle EBS Vulnerabilities
Oracle has confirmed active exploitation of unpatched vulnerabilities in its E-Business Suite, with hackers sending extortion emails claiming to have stolen sensitive corporate data. The vulnerabilities were resolved in the July 2025 Critical Patch Update, which addressed nine EBS flaws, includin...
Read More » -
Apple Rolls Out iOS 18.6 & macOS 15.6 Updates as Current Gen Nears End
Apple has released updates (iOS 18.6, iPadOS 18.6, macOS Sequoia 15.6, etc.) focusing on security patches and minor improvements, while preparing for major fall releases. The updates address over two dozen vulnerabilities and introduce compliance measures for EU users, such as support for alterna...
Read More » -
McDonald’s AI Hiring Bot Leaked Millions of Applicants’ Data Due to Weak Security
McDonald’s AI hiring chatbot, Olivia, exposed millions of job applicants' personal data due to weak security, including a default password like "123456" granting full database access. Security researchers Ian Carroll and Sam Curry easily breached the system, uncovering sensitive applicant details...
Read More » -
SMS Sign-In Links Put Millions at Risk
SMS-based authentication links are creating major security vulnerabilities, exposing users to fraud and identity theft across numerous online services due to easily guessable or enumerable tokens in the URLs. Attackers can exploit these weak tokens to access other users' accounts, view sensitive ...
Read More » -
Microsoft's First Free Windows Update for 2026 Confirmed
Microsoft has released a critical 2026 security update for Windows 10, patching over 100 vulnerabilities, as the operating system's official support ends in October 2026. Despite the approaching end-of-life, Windows 10's market share remains high, creating a security challenge as many users have ...
Read More » -
Boost SaaS Security with NIST CSF & Agentic AI
The rapid adoption of SaaS and AI often outpaces security, creating risks; the NIST Cybersecurity Framework provides a structured blueprint to balance innovation with robust protection. Effective security requires strong governance and collaboration between InfoSec and SaaS teams, alongside criti...
Read More » -
HashJack Attack Hijacks AI Browsers and Assistants
Security researchers have discovered a method called HashJack that embeds malicious commands in URL fragments to manipulate AI browsing tools into executing harmful actions like inserting dangerous links or sharing user data. The attack's success varies by platform, affecting Perplexity Comet, Mi...
Read More » -
Tata Motors Patches Security Flaws That Exposed Customer Data
A security researcher discovered and reported critical vulnerabilities in Tata Motors' E-Dukaan portal, including exposed AWS private keys that could access sensitive customer and corporate data. The breach risked exposing extensive information such as customer invoices with personal details, MyS...
Read More » -
F5 Networks Breached: Hackers Stole Code and Customer Data
State-sponsored hackers breached F5 Networks' systems, stealing proprietary source code and sensitive customer data, with the company detecting the intrusion on August 9 and implementing containment measures. The attackers accessed F5's BIG-IP development environment and knowledge systems, exposi...
Read More » -
SystemBC Malware Hijacks VPS Servers as Proxy Gateways
The SystemBC proxy botnet targets vulnerable commercial virtual private servers, maintaining around 1,500 daily compromised systems to route malicious traffic and mask cybercriminal activities. It is widely used by ransomware groups and other threat actors, leveraging unpatched security flaws in ...
Read More » -
Windows 10 Gets Final Major Update as Windows 11 Takes the Spotlight
The final major update for Windows 10 has been released, as Microsoft shifts focus to Windows 11, with official support ending next month and users needing to upgrade or enroll in extended security services. The September update includes crucial security patches addressing 81 vulnerabilities, inc...
Read More » -
Ex-WhatsApp Security Chief Sues Meta, Calls Culture a "Cult"
Meta's advertisements claim WhatsApp ensures complete user privacy, but a lawsuit by its former security head alleges the company concealed significant security vulnerabilities. The suit contends that around 1,500 WhatsApp engineers had unrestricted access to user data, potentially violating an F...
Read More » -
Find Security Flaws in Python Code with Bandit
Bandit is an open-source tool that scans Python source code to identify security vulnerabilities, such as unsafe use of `eval` or hard-coded passwords, by comparing code against a set of security rules. Each finding is assigned a severity and confidence rating to help prioritize fixes, and the to...
Read More » -
Rising Google Ads MCC Takeover Scams: How Phishing Attacks Work
A surge in sophisticated phishing attacks is compromising Google Ads Manager accounts, allowing fraudsters to drain advertising budgets of tens of thousands of dollars within hours, even bypassing two-factor authentication. Attackers use deceptive emails that mimic legitimate Google invitations, ...
Read More » -
Vibe Coding: The Dark Side of the New Open Source
Vibe coding uses AI to rapidly generate functional code, accelerating development but introducing significant security challenges to software supply chains. AI-generated code often reproduces historical vulnerabilities from flawed training data and lacks nuanced understanding of project-specific ...
Read More » -
AI Agents Targeted by Stealthy Web Poisoning Attacks
A new cyber threat called parallel web poisoning targets AI agents by serving them hidden malicious webpages that exploit their predictable digital fingerprints. This attack is stealthy because it bypasses traditional defenses by remaining invisible to human users and standard security scanners, ...
Read More » -
FBI Urges Americans: Replace These Risky Wi-Fi Routers Now
The FBI warns that outdated Wi-Fi routers have severe, actively exploited security flaws, allowing cybercriminals to upload malware and directly threaten personal and financial data. Compromised routers are hijacked into botnets, enabling large-scale attacks and the secret interception of unencry...
Read More » -
DJI's Robovac: An Autonomous Drone That Falls Short on Trust
The DJI Romo P is a highly advanced, multifunctional robot vacuum and mop that offers impressive cleaning performance and near-total autonomy through its self-emptying, self-cleaning base station. A critical security flaw that allowed unauthorized remote access to its camera feed raises serious p...
Read More » -
OpenClaw Scanner: Detect AI Agents with Open-Source Tool
The OpenClaw Scanner is a free, open-source tool that helps companies detect the presence of the autonomous OpenClaw AI agent (or MoltBot) within their networks, which can operate independently and access internal systems. Security investigations have found that poorly configured OpenClaw deploym...
Read More » -
Windows Secure Boot Certificates Expire in June: Your Action Plan
The foundational security certificates for UEFI Secure Boot, introduced with Windows 8, are expiring in 2024, requiring a planned update to maintain the system's integrity. Devices that fail to install the necessary updates will enter a degraded security state, losing the ability to receive criti...
Read More » -
Google's December Update Fixes 33 Bugs, Boosts Pixel Security
Google has released a December security patch for Pixel 6 and later models, addressing 33 bugs and patching critical vulnerabilities to enhance device stability and security. The update fixes specific user-reported issues, including a battery icon glitch, ensures the 80% charge limit works correc...
Read More » -
The Hidden Dangers of Vibe Coding That Could Ruin Your Business
Vibe coding enables developers to program using plain English instructions, making application building faster and more accessible but often at the cost of code quality, security, and maintainability. Experts warn that over-reliance on AI-generated code can lead to inconsistent quality, rapid acc...
Read More »