Latest IntelligenceVulnerabilitiesPage 17
Search by keyword →
New “RedSun” Windows Defender zero-day exploited in the wild
A newly disclosed Windows zero-day vulnerability dubbed “RedSun” is being actively exploited in the wild, allowing attackers to gain SYSTEM privileges by abusin...
Microsoft: Some Windows servers enter reboot loops after April patches
Microsoft warns that some Windows domain controllers are entering restart loops after installing the April 2026 security updates. [...]...
Critical flaw in Protobuf library enables JavaScript code execution
Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's P...
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web b...
Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-se...
Robinhood account creation flaw abused to send phishing emails
Online trading platform Robinhood's account creation process was exploited by threat actors to inject phishing messages into legitimate emails, tricking users i...
CISA flags new SD-WAN flaw as actively exploited in attacks
CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploite...
Hackers exploit file upload bug in Breeze Cache WordPress plugin
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without au...
Firefox flaw enables cross-site tracking, undermines Tor Browser defenses
A newly disclosed vulnerability in Firefox and Tor Browser allowed websites to generate a stable, process-level identifier using IndexedDB, undermining private ...
Multiple OpenClaw Vulnerabilities Enables Policy Bypass and Host Override
Cybersecurity researchers have recently disclosed three moderate-severity vulnerabilities in OpenClaw, an AI agent framework previously known as Clawdbot and Mo...
Notepad++ Vulnerability Allows Attackers to Crash Application, Leak Memory Data
A security vulnerability has been identified in Notepad++, one of the most widely used open-source text editors among developers and IT professionals. The vulne...
Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation
A researcher discovered five different exploit paths that stem from an architectural weakness in how Windows' Remote Procedure Call (RPC) mechanism handles conn...
Critical Gemini CLI Vulnerability Enables Remote Code Execution Attacks
Google has fixed a critical security flaw in the Gemini CLI that could allow attackers to execute remote code in certain automated workflows. The issue affects ...
Incomplete Windows Patch Opens Door to Zero-Click Attacks
The initial vulnerability was exploited by Russia-linked APT28 in attacks against Ukraine and EU countries. The post Incomplete Windows Patch Opens Door to Zero...
EU Proposes Requiring Google to Share User Search Data with Rival Search Engines
The European Commission has formally proposed measures requiring Google to share anonymized user search data with rival search engines and AI chatbots, marking ...
Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google
The tech giant found that many indirect prompt injection attempts are harmless, but some malicious exploits have also been identified. The post Malicious AI Pro...
Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access
A race condition in PackageKit allows unprivileged users to escalate privileges when installing packages. The post Easily Exploitable ‘Pack2TheRoot’...
US Launches Sweeping Crackdown on Southeast Asia Cyberscams and Sanctions Cambodian Senator
U.S. officials have announced a sweeping crackdown on Southeast Asian cyberscam operations as part of what U.S. Attorney Jeanine Pirro characterized Friday as a...
Firefox Vulnerability Allows Tor User Fingerprinting
The vulnerability is tracked as CVE-2026-6770 and it has been patched with the release of Firefox 150 and Tor 15.0.10. The post Firefox Vulnerability Allows Tor...
pentest-ai-agents – 28 Claude Code Subagents for Penetration Testing
A new open-source toolkit called pentest-ai-agents is redefining how security professionals leverage AI in penetration testing workflows, transforming Anthropic...