Tag

Vulnerability

All articles tagged with #vulnerability

security5 days ago•1 min saved

Microsoft Fixes Privilege Escalation Flaw in Windows Admin Center (CVE-2026-26119)

Microsoft patched CVE-2026-26119, a high-severity improper authentication flaw in Windows Admin Center that could allow an authenticated attacker to elevate privileges to the user running the affected app; the fix arrived with Windows Admin Center v2511 (Dec 2025). While there are no confirmed exploits in the wild, Microsoft flags exploitation as more likely and researchers warn it could enable domain compromise under certain conditions.

via The Hacker News|

#cve-2026-26119 #microsoft #privilege-escalation

technology6 days ago•74 min saved

Chromium CSS zero-day CVE-2026-2441 appears in the wild

A zero-day use-after-free in Chromium’s CSS engine (CVE-2026-2441) has surfaced in the wild, potentially enabling heap corruption via crafted HTML and affecting Chromium-based browsers like Chrome, Edge, and Opera. The discussion centers on the vulnerability’s impact, possible exploit chains, and bug-bounty economics, with experts noting that attackers may combine a renderer bug with a sandbox escape for broader access. The thread also touches on how bug bounties compare to gray-market payouts for high-severity exploits and the reality that “in the wild” exploits often come with additional complications and risk for researchers.

via Hacker News|

#chromium #css #cve-2026-2441

technology8 days ago•4 min saved

Google Rolls Out Rapid Chrome Patch After First 2026 Zero-Day Exploitation

Google released an emergency Chrome patch to fix CVE-2026-2441, a use-after-free in CSS font rendering that was exploited in the wild; the fix was backported to stable builds on Windows, macOS and Linux, and users are urged to update immediately as more patches could follow.

via LinkedIn|

#chrome #cybersecurity #patch

technology9 days ago•3 min saved

Feds told to patch BeyondTrust flaw within 3 days after active exploitation

CISA ordered Federal civilian agencies to patch BeyondTrust Remote Support and Privileged Remote Access within three days after CVE-2026-1731, a remote code execution flaw that’s been actively exploited. SaaS instances were patched by BeyondTrust on Feb 2, 2026, but on-premise deployments require manual updates. Exploitation can allow unauthenticated remote code execution, risking system compromise, data exfiltration, and service disruption. Threat intel reports active exploitation and about 11,000 exposed instances (roughly 8,500 on‑premises). The agency added the CVE to its Known Exploited Vulnerabilities catalog and urged mitigations or discontinuation per vendor guidance under BOD 22-01.

via BleepingComputer|

#beyondtrust #cybersecurity #government

technology16 days ago•4 min saved

Critical pre-auth RCE in BeyondTrust remote-support tools prompts urgent patch

BeyondTrust warns of CVE-2026-1731, a pre-auth remote code execution flaw in Remote Support (RS) 25.3.1 and Privileged Remote Access (PRA) 24.3.4 and earlier, allowing unauthenticated attackers to run OS commands; patches are available by upgrading to RS 25.3.2+ and PRA 25.1.1+ (or enabling automatic updates). Cloud systems have been secured; about 11,000 instances are exposed online, with roughly 8,500 on-premises potentially vulnerable if not patched; no active exploitation is reported yet.

via BleepingComputer|

#enterprise-security #patch-management #remote-code-execution

entertainment23 days ago•3 min saved

Bieber Goes Bare at the Grammys, Turning Vulnerability Into Art

Justin Bieber delivered a stripped-down, armor-free rendition of 'Yukon' at the Grammys, performing with loops, a purple guitar, and a stage mirror while wearing boxer shorts—a moment of vulnerability that reframed his artistry even as he left trophy night without awards.

via The New York Times|

#entertainment #grammys #justin-bieber

security29 days ago•3 min saved

800k Telnet Devices Open to Root-Login Bypass (CVE-2026-24061)

Shadowserver has identified about 800,000 IPs fingerprinted for Telnet activity, highlighting widespread exposure to the root-login bypass in GNU InetUtils telnetd (CVE-2026-24061) affecting 1.9.3–2.7 and patched in 2.8; attackers can bypass authentication by sending USER=-f root via Telnet IAC. GreyNoise detected limited exploits starting Jan 21 from 18 IPs across 60 sessions, with 83% targeting root; attackers also attempted Python malware deployment but failed due to missing binaries. Most exposed devices are in Asia and the Americas; admins should disable vulnerable telnetd or block port 23 until patching.

via BleepingComputer|

#cve-2026-24061 #cybersecurity #iot

technology1 month ago•2 min saved

Node.js patches mitigate async_hooks stack overflow DoS risk

Node.js released patches for a critical vulnerability where async_hooks can cause a stack-overflow DoS, with the runtime exiting on code 7 instead of a catchable error; it affects many apps and frameworks (including React Server Components and Next.js) and APMs, tracked as CVE-2025-59466 (CVSS 7.5). Updates are available in Node.js 20.20.0+, 22.22.0+, 24.13.0+, and 25.3.0, while older 8.x–18.x remain EOL. Upgrade promptly and apply stronger stack-space protections; other high-severity fixes were released too.

via The Hacker News|

#asynchooks #dos #nodejs

security1 month ago•5 min saved

Reprompt flaw lets attackers hijack Copilot sessions via malicious prompts

Researchers exposed 'Reprompt', a flaw that injects commands via Copilot's URL q parameter to hijack an authenticated session and exfiltrate data, using P2P injection, double-request, and chain-request techniques; Microsoft patched the vulnerability on January 2026 Patch Tuesday, mainly affecting Copilot Personal rather than Microsoft 365 Copilot, and users should apply the latest Windows updates.

via BleepingComputer|

#copilot #data-exfiltration #prompt-injection

cybersecurity1 month ago•52 min saved

Zero-day in Windows DWM exploited in the wild prompts urgent patch

Microsoft patched a critical zero-day in Desktop Window Manager (DWM) after active exploitation in the wild. Tracked as CVE-2026-20805, the flaw allows low-privilege local attackers to leak user-mode memory addresses via remote ALPC ports, potentially aiding privilege escalation. Although not remotely exploitable, its low complexity and lack of user interaction make it attractive for malware or post-compromise operations. MSTIC and MSRC confirmed exploitation but noted no public proof-of-concept; patching, especially on legacy Windows versions in extended support, is urgently advised.

via Cyber Security News|

#cve-2026-20805 #cybersecurity #microsoft

web-security1 month ago•2 min saved

Critical AdonisJS Vulnerability Enables Remote Arbitrary File Write

A critical security flaw (CVSS 9.2) in the '@adonisjs/bodyparser' npm package allows remote attackers to perform arbitrary file writes on servers through path traversal in multipart file handling, emphasizing the need for immediate updates to affected versions. Additionally, a similar high-severity vulnerability was found in the jsPDF library, which has been patched in version 4.0.0.

via The Hacker News|

#adonisjs #bodyparser #cvss-92

technology1 month ago•0 min saved

Critical SmarterMail Vulnerability Enables Remote Code Execution

SmarterTools released security updates for SmarterMail versions Build 9406 and earlier to fix a critical vulnerability (CVE-2025-52691) that could allow remote code execution through arbitrary file uploads, urging users to update to Build 9413 immediately.

via Cyber Security Agency of Singapore|

#cve-2025-52691 #security-update #smartermail

entertainment2 months ago•12 min saved

Bradley Cooper and Will Arnett Shine in New Comedy Films

The article discusses Bradley Cooper's film inspired by John Bishop, exploring themes of vulnerability, performance, and personal growth through the lens of comedy and drama, featuring insights from actors like Will Arnett and Laura Dern.

via The Guardian|

#bradley-cooper #comedy #drama

security2 months ago•1 min saved

Critical n8n Vulnerability Exposes Over 103,000 Instances to Remote Code Execution

A critical security flaw in the n8n workflow automation platform (CVE-2025-68613) allows authenticated attackers to execute arbitrary code, affecting over 100,000 instances worldwide. The vulnerability has been patched in recent versions, and users are urged to update immediately or implement strict access controls to mitigate risks.

via The Hacker News|

#arbitrary-code-execution #cvss-99 #n8n

technology2 months ago•1 min saved

Linux Kernel's Rust Integration Faces First CVE Amidst Growing Adoption

The Linux kernel's Rust code has received its first CVE vulnerability, related to a race condition in the Android Binder rewrite that can cause system crashes in Linux 6.18 and newer, but no remote code execution or severe issues are reported.

via Phoronix|

#android-binder #cve #linux-kernel