
All news with #vulnerability disclosure tag

512 articles · page 9 of 26

Talos Discloses DirectX, OpenFOAM, Libbiosig Vulnerabilities

🛡️ Cisco Talos’ Vulnerability Discovery & Research team disclosed multiple vulnerabilities affecting Microsoft DirectX, OpenCFD OpenFOAM, and the BioSig project’s libbiosig library. Most issues have been patched by their respective vendors in accordance with Cisco’s disclosure policy, while the DirectX local privilege escalation remains unpatched. Talos published detailed advisories and Snort rule guidance to detect exploitation. Affected CVEs include CVE-2025-68623, CVE-2025-61982, CVE-2025-64736, CVE-2026-22891, and CVE-2026-20777.

Critical n8n Vulnerabilities Allow Remote Code Execution

⚠️ Cybersecurity researchers disclosed multiple critical vulnerabilities in the n8n workflow automation platform that can lead to remote code execution and the exposure of stored credentials. The principal issues include an expression sandbox escape (CVE-2026-27577) and an unauthenticated Form-node expression injection (CVE-2026-27493). n8n has released fixes in 1.123.22, 2.9.3 and 2.10.1 and recommends immediate patching; short-term mitigations and node exclusions are available for users who cannot upgrade immediately.

Critical Aruba AOS-CX Web Bug Lets Attackers Gain Admin

⚠️ HPE Aruba Networking released patches for five vulnerabilities in AOS-CX switch software, including a critical web-management flaw that allows unauthenticated remote actors to bypass authentication and potentially reset administrator credentials. The most severe issue, CVE-2026-23813 (CVSS 9.8), can be triggered entirely over the network without user interaction. Additional CLI command-injection vulnerabilities and an open-redirect flaw were also fixed; administrators should apply updates and restrict management interfaces immediately.

Zombie ZIP evasion technique bypasses AV and EDR protections

🧟 A new 'Zombie ZIP' technique hides malware by declaring compressed entries as uncompressed, causing many AV and EDR engines to misinterpret DEFLATE data as raw bytes and miss signatures. Researcher Chris Aziz reported it bypassed 50 of 51 VirusTotal engines and published a PoC with sample archives. CERT/CC assigned CVE-2026-0866 and advises vendors to validate compression method fields and implement integrity checks.

Microsoft Releases Windows 10 KB5078885 Security Update

🔒 Microsoft has released the Windows 10 KB5078885 extended security update for Enterprise LTSC and ESU devices. Install via Settings → Windows Update to move systems to build 19045.7058 (or 19044.7058 for LTSC 2021); the update consolidates March 2026 Patch Tuesday fixes that address 79 vulnerabilities, including two actively exploited zero-days. It also fixes a shutdown/hibernation bug and advances a controlled rollout of new Secure Boot certificates to maintain boot-time validation.

Microsoft March 2026 Patch Tuesday: 79 Flaws, 2 Zero-Days

🔒 Microsoft's March 2026 Patch Tuesday addresses 79 vulnerabilities, including two publicly disclosed zero-days and three Critical flaws. Notable fixes include two Office remote code execution bugs exploitable via the preview pane and an Excel information-disclosure issue that could enable data exfiltration via Copilot. Administrators should prioritize Office, Windows and Azure updates immediately.

Windows 11 KB5079473 and KB5078883 Updates Released

🛡️ Microsoft released cumulative updates KB5079473 and KB5078883 for Windows 11 (25H2/24H2 and 23H2) delivering the March 2026 Patch Tuesday security fixes, bug repairs, and new features. These mandatory updates can be installed via Start > Settings > Windows Update or downloaded from the Microsoft Update Catalog, and will increment build numbers for each channel. Highlights include expanded Secure Boot certificate targeting, a native Sysmon option, Emoji 16.0 additions, Quick Machine Recovery, and multiple reliability and UX improvements.

HPE warns of critical AOS-CX flaw allowing admin resets

🔒 HPE has released patches for multiple vulnerabilities in the AOS-CX network OS, including a critical authentication bypass (CVE-2026-23813) that can allow unauthenticated actors to reset administrator passwords via the web management interface. The company reports no known public exploits at publication. Until updates are applied, HPE recommends isolating management interfaces, enforcing ACLs, disabling unnecessary HTTP(S) on SVIs and routed ports, and increasing logging and monitoring.

Mental health apps leaking private data: 2026 audit

🧠 In February 2026, cybersecurity firm Oversecured audited 10 popular Android mental-health apps and found 1,575 vulnerabilities — 54 rated critical — across apps with a combined 14.7M+ installs. Findings include insecure local storage, hardcoded API endpoints, weak token generation using java.util.Random, and no root detection, contradicting many apps’ claims of full encryption. The report highlights the real risk of exposure of therapy transcripts, mood logs, and medication data and urges users to review permissions, update apps, and avoid third-party sign-ins.

Unauthenticated File-Upload Flaw in Ceragon Siklu Devices

⚠️ A vulnerability in Ceragon / Siklu EtherHaul and MultiHaul microwave antennas allows unauthenticated uploads to any writable path via the rfpiped service on TCP port 555. File metadata uses weak encryption while file contents are transmitted in cleartext, and no authentication or path validation is performed. The issue is tracked as CVE-2025-57176 with a CVSS v3.1 base score of 5.3. Vendor firmware updates are available and should be applied promptly.

Apeman ID71 Camera Vulnerabilities Allow Remote Control

🔒 Apeman ID71 cameras contain multiple remote-exploitable vulnerabilities, including CVE-2025-11126, CVE-2025-11851, and CVE-2025-11852. One issue, CVE-2025-11126, carries a CVSS v3.1 base score of 9.8 and involves insufficiently protected credentials. Proof-of-concept exploits for all three have been publicly disclosed and the vendor did not respond to coordination; CISA recommends isolating devices and minimizing network exposure.

Lantronix EDS3000PS and EDS5000 Critical Vulnerabilities

⚠️ Lantronix EDS3000PS and EDS5000 devices contain multiple critical vulnerabilities, including OS command injection and authentication bypass, some exploitable without authentication, that can result in root-level code execution. Affected firmware versions include EDS3000PS 3.1.0.0R2 and EDS5000 2.1.0.0R3, with several CVEs rated CVSS 9.8. Lantronix has published firmware updates to 3.2.0.0R2 and 2.2.0.0R1. Operators should apply updates, restrict network exposure, and follow CISA mitigation guidance.

Pingora HTTP/1.x Request Smuggling Fixes - 0.8.0 Patch

🔒 Cloudflare disclosed multiple HTTP/1.x request smuggling vulnerabilities in the open-source Pingora framework (CVE-2026-2833, CVE-2026-2835, CVE-2026-2836) that can desynchronize proxy and backend request framing when Pingora is used as an ingress proxy. The issues — reported by Rajat Raghav via Cloudflare’s bug bounty — allow bypass of proxy-layer checks, cross-user hijacking, or cache poisoning in exposed standalone deployments. Cloudflare confirmed its CDN and customer traffic were not affected and released fixes and hardening in Pingora 0.8.0. If you run Pingora as a proxy, upgrade to 0.8.0 as soon as possible.

CISA Adds Three Vulnerabilities to KEV Catalog, March 2026

⚠️ CISA has added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2021-22054 (Omnissa Workspace ONE SSRF), CVE-2025-26399 (SolarWinds Web Help Desk insecure deserialization), and CVE-2026-1603 (Ivanti Endpoint Manager authentication bypass). BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate listed KEV entries by the specified deadlines. CISA strongly urges all organizations to prioritize timely patching and mitigation to reduce exposure to active exploitation.

Anthropic Uses Claude Opus 4.6 to Find 22 Firefox Flaws

🔍 Anthropic reported discovering 22 new vulnerabilities in the Firefox browser using Claude Opus 4.6 during a two-week assessment in January 2026. Fourteen issues were rated high, seven moderate and one low, and most were patched in Firefox 148. The model detected a JavaScript use-after-free bug in about 20 minutes, which researchers validated in a virtualized environment. When tasked to produce exploits the model succeeded only twice after many attempts and roughly $4,000 in API spend, underscoring that discovery is cheaper than reliable exploitation.

n8n OAuth misconfig allows stored XSS, credential risk

⚠️ Researchers at Imperva disclosed a configuration weakness in the OAuth credential handling of n8n that fails to sanitize the authorization URL, enabling a stored XSS payload to be saved in the application database. An attacker with access to a victim's n8n instance can replace a legitimate URL with malicious JavaScript that executes when other users interact with the same credential. Because the payload is persistent, it can expose multiple OAuth credentials and enable broader system compromise. The flaw was fixed in n8n v2.6.4 on February 6.

CISA Adds Hikvision and Rockwell Flaws to KEV Catalog

🔒 CISA added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog affecting Hikvision and Rockwell Automation. CVE-2017-7921 (CVSS 9.8) is an improper authentication flaw that can enable privilege escalation and exposure of sensitive information in multiple Hikvision products. CVE-2021-22681 (CVSS 9.8) involves insufficiently protected credentials in Studio 5000 Logix Designer, RSLogix 5000 and Logix Controllers, which can allow an unauthorized network user to bypass verification and modify controller configuration or application code. SANS has detected exploit attempts targeting vulnerable Hikvision cameras; there are no public reports of active attacks exploiting the Rockwell issue. Federal civilian agencies are required to update to supported software by March 26, 2026 under BOD 22-01, and CISA urges all organizations to prioritize remediation of KEV-listed vulnerabilities.

Critical WordPress plugin bug lets attackers create admins

⚠️ A critical vulnerability in the User Registration & Membership WordPress plugin (CVE-2026-1492, CVSS 9.8) is being actively exploited to create unauthenticated administrator accounts. The flaw allows attackers to supply a role during membership registration and obtain full admin privileges. Defiant's Wordfence blocked over 200 exploit attempts in the past 24 hours, indicating live attacks. WPEverest fixed the flaw in 5.1.3 (the article notes that 5.1.4 was released last week); update immediately or disable the plugin until you can patch.

Cisco issues emergency patches for critical firewall flaws

🚨 Cisco released its March 4 semiannual firewall update addressing 25 security advisories and 48 CVEs, led by two “perfect 10” flaws in Secure Firewall Management Center (FMC). CVE-2026-20079 (authentication bypass) and CVE-2026-20131 (insecure deserialization) both carry CVSS scores of 10 and can yield unauthenticated root access via the web management interface. Cisco reports no known exploitation yet and offers no workarounds; administrators should remove public FMC exposure until patches can be applied.

CISA Adds Five Vulnerabilities to KEV Catalog, March 2026

🔔 CISA has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The new entries affect Hikvision, Rockwell, and multiple Apple products and include CVE-2017-7921, CVE-2021-22681, CVE-2021-30952, CVE-2023-41974, and CVE-2023-43000. Under BOD 22-01 Federal Civilian Executive Branch agencies must remediate listed CVEs by the required due dates; CISA strongly urges all organizations to prioritize timely remediation to reduce exposure to common attack vectors.