vulnerability
17 articles tagged with "vulnerability"
AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network
- **Swati Khandelwal** | Jun 22, 2026 | IoT Security / Vulnerability. A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botn...
Stop Your Legacy Infrastructure from Hijacking Your AI Agents
- **The Hacker News** | Jun 22, 2026 | Exposure Management / AI Security. Earlier this month, I spoke at the [Gartner Security & Risk Management Summit]($1) about a blind spot most security progr...
Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants
- **Ravie Lakshmanan** | Jun 22, 2026 | AI Security / Vulnerability. Cybersecurity researchers have disclosed details of four vulnerabilities in [Dify]($1), an open-source agentic workflow platfo...
29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests
- **Swati Khandelwal** | Jun 22, 2026 | Vulnerability / Server Security. A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or sessi...
Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration
- **Swati Khandelwal** | Jun 23, 2026 | Cryptography / Quantum Computing. President Trump signed an [executive order on June 22]($1) setting hard deadlines for federal agencies to move high-valu...
Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
- **Ravie Lakshmanan** | Jun 17, 2026 | Endpoint Security / Vulnerability. Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed [RoguePla...
INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023
- **Ravie Lakshmanan** | Jun 18, 2026 | Vulnerability / Enterprise Security. Cybersecurity researchers have charted the evolution of [INC]($1) from a nascent ransomware-as-a-service (RaaS) opera...
F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
- **Ravie Lakshmanan** | Jun 18, 2026 | Vulnerability / Cloud Security. F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to ach...
Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone
- **Ravie Lakshmanan** | Jun 19, 2026 | Mobile Security / Vulnerability. Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited b...
Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data
- **Ravie Lakshmanan** | Jun 19, 2026 | Data Breach / Cloud Security. Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security i...
AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
- **Swati Khandelwal** | Jun 19, 2026 | Vulnerability / Software Supply Chain. Microsoft researchers have detailed an exploit chain, named [AutoJack]($1), that turns an AI browsing agent into a d...
The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes
- **Ravie Lakshmanan** | Jun 19, 2026 | Ransomware / Endpoint Security. The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection...
Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
- **Swati Khandelwal** | Jun 19, 2026 | Hardware Security / Vulnerability. Security researchers at Paradigm Shift have published a working exploit, dubbed **usbliter8**, that achieves arbitrary c...
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
- **Ravie Lakshmanan** | Jun 20, 2026 | Vulnerability / Web Security. Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on ...
Critical Copilot vulnerability allowed hackers to steal 2FA code from users
Windows and Linux users: The deadline to update Secure Boot keys is near
"Dangerous" AI models are coming no matter what
