#cve-2025-40551

#cybersecurity
Careers
from Entrepreneur
4 days ago

How to Know Where Your Security Threat Is Before It's Too Late

Organizations winning the security talent war operationalize key questions to prevent knowledge loss and enhance cybersecurity resilience.
Information security
from Theregister
7 hours ago

CISA flags data-theft bug in NSA-built OT networking tool

CISA warns of a vulnerability in GrassMarlin that could expose sensitive information due to insufficient XML parsing hardening.
Information security
from The Hacker News
1 day ago

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

A critical vulnerability in GitHub allows remote code execution via a single 'git push' command due to improper input sanitization.
Privacy professionals
from The Hacker News
1 day ago

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

A critical security flaw in LeRobot allows unauthenticated remote code execution due to unsafe deserialization of data.
Information security
from The Hacker News
6 hours ago

SAP npm Packages Compromised by "Mini Shai-Hulud" Credential-Stealing Malware

A new supply chain attack campaign targets SAP-related npm packages with credential-stealing malware, affecting multiple versions and compromising developer environments.
Healthcare
from SecurityWeek
13 hours ago

38 Vulnerabilities Found in OpenEMR Medical Software

"In the most severe cases, SQL injection vulnerabilities combined with modest database privileges could have led to full database compromise, PHI exfiltration at scale, and remote code execution on the server."
DevOps
from The Hacker News
11 hours ago

What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

Exposure management platforms vary in effectiveness, and security leaders need to evaluate them based on their ability to reduce actual risk.
Software development
from DevOps.com
1 day ago

The Code Doesn't Care Who Wrote It: Why Context, Not AI Fear, Will Define Modern Application Security - DevOps.com

AI is now integral to software development, enhancing productivity despite existing corporate policies that restrict its use.
Remote teams
from Computerworld
1 day ago

Why security matters in the meeting room

Security is now the top priority for organizations selecting collaboration technology, surpassing price and quality.
Cryptocurrency
from news.bitcoin.com
1 day ago

Litecoin Postmortem: MWEB Bug Let Attacker Fake 85,034 LTC Pegout Before Devs Froze Funds

A critical bug in Litecoin's MWEB allowed an attacker to inflate 85,034 LTC, triggering a chain reorganization affecting NEAR Intents.
Privacy technologies
from CNET
1 day ago

The Tools That Convinced Me to Take Browser Security More Seriously

Online platforms collect extensive data about users, often through cookies, which can lead to targeted advertising and privacy concerns.
Information security
from SecurityWeek
10 hours ago

Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure

A critical SQL injection vulnerability in LiteLLM was exploited shortly after disclosure, allowing unauthorized access to sensitive database information.
#ai
DevOps
from DevOps.com
23 hours ago

When AI Goes Really, Really Wrong: How PocketOS Lost All Its Data - DevOps.com

A misconfiguration and AI error led to the complete loss of PocketOS's car-rental customer data, but it was later recovered.
#data-breach
#github
Information security
from The Verge
13 hours ago

GitHub rushed to fix a critical vulnerability in less than six hours

GitHub fixed a critical vulnerability in under six hours, preventing potential access to millions of repositories.
DevOps
from InfoQ
1 day ago

GitHub Uses eBPF to Eliminate Deployment Risks and Prevent Circular Failures

GitHub enhances deployment safety using eBPF to detect and prevent circular dependencies during outages.
Information security
from InfoWorld
11 hours ago

Critical GitHub RCE bug exposed millions of repositories

GitHub patched a critical vulnerability in GitHub Enterprise Server, but 88% of instances remained exposed at public disclosure.
Information security
from SecurityWeek
16 hours ago

Critical GitHub Vulnerability Exposed Millions of Repositories

A critical vulnerability in GitHub allowed remote code execution, exposing millions of repositories, but was quickly addressed by the company.
Privacy professionals
from SecurityWeek
1 day ago

Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak

Medtronic confirmed a hack by ShinyHunters, claiming millions of records were stolen, but asserts no impact on patient safety or operations.
Node JS
from Nist
2 weeks ago

NVD

Axios library versions prior to 1.15.0 are vulnerable to Prototype Pollution, leading to Remote Code Execution and Full Cloud Compromise.
#microsoft
Information security
from The Hacker News
1 day ago

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Microsoft acknowledged active exploitation of a high-severity security flaw in Windows Shell, now patched, allowing unauthorized access to sensitive information.
Information security
from SecurityWeek
2 weeks ago

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.
Information security
from TechRepublic
2 weeks ago

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Microsoft released a significant security update addressing 165 vulnerabilities, including two critical zero-days, marking one of the largest updates in its history.
#open-source
DevOps
from TechCrunch
1 day ago

Red Hat's OpenClaw maintainer just made enterprise Claw deployments a lot safer | TechCrunch

Tank OS simplifies the deployment and management of OpenClaw agents, enhancing safety and maintenance for power users and IT professionals.
Information security
from Techzine Global
1 day ago

Malicious Python package poses new supply chain threat

The open-source package elementary-data was compromised, leading to the publication of a malicious version that stole sensitive user credentials.
Information security
from The Hacker News
17 hours ago

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

A critical SQL injection vulnerability in BerriAI's LiteLLM package is actively exploited within 36 hours of disclosure, allowing unauthorized database access.
Node JS
from Nist
3 weeks ago

NVD

Tinyproxy versions up to 1.11.3 are vulnerable to HTTP request parsing desynchronization due to case-sensitive Transfer-Encoding header comparison.
#checkmarx
from Nist
1 month ago

NVD

Prior to version 3.20.0, using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime in a Next.js App Router could lead to race conditions, allowing concurrent requests to read incorrect context.
Information security
from Securitymagazine
23 hours ago

Connected Security: How Proactive Real-Time Tech Keeps Security Workers Safe

Security guards and law enforcement personnel are usually the first professionals to provide help in a public emergency and as a result, also experience some of the highest rates of workplace violence in any occupation.
Information security
from SecurityWeek
2 days ago

Incomplete Windows Patch Opens Door to Zero-Click Attacks

Incomplete patching of Windows vulnerabilities led to new zero-click attack vectors, enabling credential theft without user interaction.
Information security
from Ars Technica
12 hours ago

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Current evidence indicates that this data originated from Checkmarx's GitHub repositories, and that access to those repositories was facilitated through the initial supply chain attack of March 23, 2023.
Information security
from SecurityWeek
1 day ago

Dozens of Open VSX Extension Clones Linked to GlassWorm Malware

Over 70 extensions in the Open VSX marketplace are likely linked to GlassWorm malware, designed to steal sensitive information and deploy malware.
Information security
from The Hacker News
1 day ago

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

AI agents in Microsoft Entra ID can lead to privilege escalation and identity takeover attacks due to a security flaw in the Agent ID Administrator role.
#malware
Information security
from InfoWorld
22 hours ago

More fake extensions linked to GlassWorm found in Open VSX code marketplace

73 new fraudulent extensions have been added to the Open VSX marketplace, continuing supply chain attacks that download GlassWorm malware.
Information security
from The Hacker News
2 days ago

Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More

New malware fast16 predates Stuxnet, targeting high-precision software to subtly alter calculations, potentially causing significant failures.
Information security
from Theregister
5 days ago

CISA, NCSC issue Firestarter backdoor warning

Firestarter malware targets a US federal agency, maintaining persistent access to compromised devices, posing risks to government and critical infrastructure.
Information security
from TechCrunch
10 hours ago

Sri Lanka discloses another missing payment, days after hackers stole $2.5M from its finance ministry | TechCrunch

Sri Lanka is investigating missing payments and cyber thefts linked to hackers targeting its financial systems.
Information security
from Theregister
1 day ago

Don't pay VECT a ransom - your big files are likely gone

Organizations affected by Trivy and LiteLLM compromises that paid Vect likely received little data recovery, according to Check Point Research.
Information security
from SecurityWeek
2 days ago

Easily Exploitable 'Pack2TheRoot' Linux Vulnerability Leads to Root Access

A high-severity vulnerability in PackageKit allows unprivileged users to install packages with root privileges, tracked as CVE-2026-41651.
Information security
from The Hacker News
2 days ago

Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side

AI systems like Claude Mythos can identify vulnerabilities quickly, but organizations struggle to remediate them effectively.
Information security
from SecurityWeek
2 days ago

OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years

OpenSSH versions have a vulnerability allowing root access via certificate misconfiguration, undetectable by log-based systems.
Information security
from SecurityWeek
1 day ago

The Mythos Moment: Enterprises Must Fight Agents with Agents

Agentic AI poses significant cyber risks by autonomously identifying and exploiting software vulnerabilities, necessitating advanced defensive measures.
Information security
from The Hacker News
5 days ago

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

A high-severity SSRF vulnerability in LMDeploy is actively exploited, allowing attackers to access sensitive data and internal networks.
Information security
from SecurityWeek
2 days ago

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

Google's research reveals an increase in indirect prompt injection attacks on AI, though their sophistication remains relatively low.
Information security
from SecurityWeek
6 days ago

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

A zero-day vulnerability in Microsoft Defender, tracked as CVE-2026-33825, allows privilege escalation through a flaw named BlueHammer.
Information security
from SecurityWeek
5 days ago

Vulnerabilities Patched in CrowdStrike, Tenable Products

CrowdStrike published an advisory for CVE-2026-40050, a critical unauthenticated path traversal vulnerability affecting its LogScale product. The flaw can allow a remote attacker to read arbitrary files from the server filesystem.
Information security
from TechRepublic
1 week ago

Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed

Over 1,300 internet-exposed Microsoft SharePoint servers remain unpatched against a spoofing flaw, CVE-2026-32201, posing significant security risks.
Information security
from Securitymagazine
6 days ago

Operationally Ineffective: Putting CVEs in a Chokehold with Privilege Disruption

A Common Vulnerabilities and Exposures (CVE) entry that cannot reach the privilege plane is operationally ineffective - even at a CVSS score of 10. This should be a core philosophy that is embedded into the fabric of software engineering.
#oracle
Information security
from SecurityWeek
1 week ago

Oracle Patches 450 Vulnerabilities With April 2026 CPU

Oracle released 481 new security patches in April 2026, addressing vulnerabilities across 28 product families, with many remotely exploitable without authentication.
Information security
from Techzine Global
1 month ago

Oracle releases emergency patch for serious vulnerability

A critical vulnerability in Oracle Identity Manager and Oracle Web Services Manager allows remote code execution without authentication, posing severe risks.
Information security
from IT Brew
6 days ago

Asking around: When does ransomware threat intelligence become noise?

Effective threat intelligence requires filtering information relevant to specific market segments to avoid overwhelming alerts.
Information security
from TNW | Next-Featured
1 week ago

Lovable security crisis: 48 days of exposed projects, closed bug reports, & the structural failure of vibe coding security

Lovable's security incidents expose vulnerabilities in AI-generated code and highlight a market focus on growth over security.
#cisco
Information security
from The Hacker News
1 week ago

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.
Information security
from SecurityWeek
1 week ago

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.
Information security
from SecurityWeek
2 weeks ago

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Multiple industrial giants have released new ICS security advisories addressing various vulnerabilities since the last Patch Tuesday.
Information security
from The Hacker News
2 weeks ago

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

Adobe released emergency updates for a critical security flaw in Acrobat Reader that is actively exploited, allowing arbitrary code execution.
Information security
from The Hacker News
4 weeks ago

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation - Patch Released

"Use-after-free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."
Information security
from SecurityWeek
2 months ago

BeyondTrust Patches Critical RCE Vulnerability

Critical unauthenticated RCE (CVE-2026-1731, CVSS 9.9) affects BeyondTrust RS and PRA; patches are available and many internet-accessible on-prem deployments are likely exposed.
Information security
from Theregister
2 months ago

Vulnerability exploits now dominate intrusions

Exploit of disclosed vulnerabilities now causes most intrusions, with attackers weaponizing new flaws within hours while many organizations patch slowly.