Vulnerabilities

Oracle Fixes Critical CVE-2026-21992 Allowing Unauthenticated Remote Code Execution in Identity Manager

Oracle Corporation has released urgent security updates to address a severe vulnerability affecting Oracle Identity Manager and Oracle Web Services Manager. The flaw, tracked as CVE-2026-21992, allows unauthenticated attackers to execute arbitrary code remotely, making it a high-risk security issue. Severity and Impact: This vulnerability has been assigned a CVSS score of 9.8 out of […]

CISA Adds Apple, Craft CMS, and Laravel Vulnerabilities to KEV and Urges Patching by April 3, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The agency has directed federal organizations to apply security patches by April 3, 2026, to reduce the risk of ongoing attacks. Affected Vulnerabilities Across Apple and Web Platforms: The newly listed vulnerabilities affect systems

Magento PolyShell Vulnerability Allows Unauthenticated File Uploads, RCE, and Account Takeover

A serious security flaw has been identified in Magento that allows unauthenticated attackers to upload malicious files, execute remote code, and potentially take over user accounts. This issue, referred to as PolyShell, has been analyzed by the security firm Sansec. The vulnerability affects all versions of Magento Open Source and Adobe Commerce up to 2.4.9-alpha2.

Critical Langflow Vulnerability CVE-2026-33017 Exploited Within 20 Hours of Disclosure

A newly disclosed critical vulnerability in the open-source AI platform Langflow has already been actively exploited within just 20 hours of its public announcement, demonstrating how quickly attackers weaponize newly discovered security flaws. The vulnerability, tracked as CVE-2026-33017 with a CVSS score of 9.3, is caused by a combination of missing authentication and unsafe code

Apple Alerts That Older iPhones Are Vulnerable to Coruna and DarkSword Exploit Kit Attacks

Apple has released an urgent security advisory, cautioning users who are still operating older versions of iOS to immediately update their devices. The warning highlights active cyberattacks carried out using advanced exploit kits such as Coruna and DarkSword, which are targeting outdated iPhones through malicious web content. These exploit kits are designed to take advantage

CISA Warns of Zimbra and SharePoint Exploits as Cisco Zero Day Targeted in Ransomware Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding the active exploitation of critical vulnerabilities affecting Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint. The agency has urged organizations, especially government entities, to immediately apply security patches to mitigate risks. Actively Exploited Vulnerabilities: The two vulnerabilities highlighted by CISA include: CISA

Interlock Ransomware Exploits Cisco FMC Zero Day CVE-2026-20131 to Gain Root Access

Amazon Threat Intelligence has issued a warning regarding an active Interlock ransomware campaign exploiting a critical zero-day in Cisco Secure Firewall Management Center (FMC) software. The vulnerability, CVE-2026-20131 (CVSS 10.0), stems from insecure deserialization of user-supplied Java byte streams, enabling unauthenticated attackers to execute arbitrary Java code as root. According to Amazon’s MadPot global sensor

Nine Critical IP KVM Vulnerabilities Allow Unauthenticated Root Access Across Four Vendors

Cybersecurity researchers have revealed nine severe vulnerabilities in low-cost IP KVM devices, highlighting the risks posed by these networked remote management tools. The flaws were discovered by Eclypsium and affect products from GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM. IP KVM devices provide remote access to a system’s keyboard, video output, and

Ubuntu CVE-2026-3888 Vulnerability Allows Root Access Through systemd Cleanup Timing Exploit

Cybersecurity researchers have disclosed a serious vulnerability in Ubuntu Desktop that could allow attackers to escalate privileges to root on affected systems. Tracked as CVE-2026-3888, the flaw carries a CVSS score of 7.8 and affects default installations of Ubuntu 24.04 LTS and later versions. According to the Qualys Threat Research Unit (TRU), the vulnerability arises

Apple Patches WebKit Flaw Allowing Same Origin Policy Bypass on iOS and macOS

Technology company Apple has released a new security update to address a vulnerability in the WebKit engine that could allow attackers to bypass important browser security protections on its operating systems. The issue, tracked as CVE-2026-20643, affects devices running iOS, iPadOS, and macOS. According to Apple, the flaw could allow malicious websites to bypass the
