Latest IntelligenceVulnerabilitiesPage 18
Search by keyword →
Litecoin Zero-Day Vulnerability Exploited in DoS Attack, Disrupts Major Mining Pools
A critical zero-day vulnerability in the Litecoin network was actively exploited to launch a denial-of-service (DoS) attack, temporarily disrupting operations a...
New Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions
PhantomRPC, a newly identified architectural vulnerability in Windows Remote Procedure Call (RPC) that enables local privilege escalation to SYSTEM-level access...
Hackers Can Abuse Entra Agent ID Administrator Role to Hijack Service Principals
A critical scope overreach vulnerability was recently identified in the Microsoft Entra Agent Identity Platform. The newly introduced Agent ID Administrator rol...
Helping Romance Scam Victims Requires a Proactive, Empathic Approach
People targeted by confidence schemes find getting help is a lonely road. Experts want law enforcement, financial, and government institutions to work together ...
Helping Romance Scam Victims Require a Proactive, Empathic Approach
People targeted by confidence schemes find getting help is a lonely road. Experts want law enforcement, financial and government institutions to work together a...
Microsoft to roll out Entra passkeys on Windows in late April
Microsoft will roll out passkey support for phishing-resistant passwordless authentication to Microsoft Entra‑protected resources from Windows devices starting ...
New ‘Pack2TheRoot’ flaw gives hackers root Linux access
A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or remove system packages and gain roo...
Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw. [...
Xiongmai IP Camera Vulnerability Let Attackers Bypass Authentication and have Remote Access
Security cameras are designed to keep commercial facilities safe. However, a newly disclosed critical vulnerability in Hangzhou Xiongmai Technology’s XM53...
Python Vulnerability Allows Out-of-Bounds Write on Windows Systems
A security vulnerability has been discovered in Python’s Windows asyncio implementation, allowing attackers to trigger out-of-bounds memory writes through...
Hackers Can Exploit Ollama Model Uploads to Leak Sensitive Server Data
A critical, unpatched vulnerability has been discovered in Ollama, a widely used open-source platform for running Large Language Models locally. Tracked as CVE-...
Vulnerabilities Patched in CrowdStrike, Tenable Products
CrowdStrike has fixed a critical LogScale vulnerability, while Tenable addressed a high-severity Nessus flaw. The post Vulnerabilities Patched in CrowdStrike, T...
Bad Memories Still Haunt AI Agents
Cisco found and fixed a significant vulnerability in the way Anthropic handles memories, but experts warn that mishandled memory files will continue threaten AI...
The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface
New analysis from Abnormal AI reveals how attackers have abandoned technical exploits to weaponize routine workflows and internal trust. The post The Behavioral...
CISA orders feds to patch BlueHammer flaw exploited as zero-day
CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has been exploited in zero-day attacks. ...
AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers
Palo Alto Networks has developed Zealot, a multi-agent penetration testing PoC capable of reconnaissance, exploitation, and exfiltration. The post AI Can Auton...
Recent Microsoft Defender Vulnerability Exploited as Zero-Day
The flaw allows attackers to access the SAM database, extract NTLM hashes, and gain System privileges. The post Recent Microsoft Defender Vulnerability Exploite...
New Mirai campaign exploits RCE flaw in EoL D-Link routers
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to ...
Mirai Botnet Targets Flaw in Discontinued D-Link Routers
The exploitation of the command injection vulnerability started one year after public disclosure and PoC exploit code publication. The post Mirai Botnet Targets...
Google Antigravity in Crosshairs of Security Researchers, Cybercriminals
Researchers discovered a remote code execution vulnerability and cybercriminals are using its reputation to deliver malware. The post Google Antigravity in Cros...