Coverage
Vulnerabilities
748 articles on vulnerability disclosures and exploits
Advertisement
Android Dirty Stream Path Traversal: Detecting and Patching App Exploits
Microsoft identifies Dirty Stream vulnerabilities in Android apps, allowing path traversal and unauthorized file manipulation. Learn how to secure your apps.
NIST to Prioritize High-Impact CVEs Amid NVD Enrichment Backlog
NIST adjusts National Vulnerability Database operations to focus on significant flaws, leaving lower-priority vulnerabilities without official metadata.
Edge Update Breaks Microsoft Teams Right-Click Paste Functionality
A recent Microsoft Edge browser update has disabled the right-click paste feature in the Microsoft Teams desktop client, impacting global user productivity.
protobuf.js RCE via CVE-2023-32731 — Mitigation Guide
Technical breakdown of CVE-2023-32731, a critical prototype pollution vulnerability in protobuf.js that enables remote code execution in JavaScript environments.
Nexcorium Mirai Variant Exploits CVE-2024-3721 in TBK DVR Botnet
Security researchers identify Nexcorium, a new Mirai variant targeting TBK DVRs and EoL TP-Link routers via CVE-2024-3721 for large-scale DDoS attacks.
NIST NVD Data Enrichment Cutbacks: Implications for Cyber Teams
NIST's reduction in NVD CVE data enrichment poses challenges for cyber teams' vulnerability management. Learn the implications and proposed industry solutions.
Microsoft Defender Zero-Days BlueHammer and RedSun Actively Exploited
Huntress warns of active exploitation of three Microsoft Defender vulnerabilities, including BlueHammer and RedSun, allowing for privilege escalation.
Claude Mythos Preview: Anthropic Limits Access to Vulnerability AI
Anthropic restricts Claude Mythos Preview access to critical infrastructure providers due to its advanced capability to exploit zero-day vulnerabilities.
CVE-2023-46604: Apache ActiveMQ RCE Exploited in the Wild
CISA warns of active exploitation for CVE-2023-46604, a critical RCE flaw in Apache ActiveMQ used by ransomware groups. Update to version 5.18.3 or later.
CVE-2026-34197: Apache ActiveMQ Exploit Added to CISA KEV Catalog
CISA alerts organizations to the active exploitation of CVE-2026-34197 in Apache ActiveMQ. Federal agencies must patch this input validation flaw immediately.
Cursor AI RCE via Indirect Prompt Injection — Mitigation Guide
Security researchers demonstrate how indirect prompt injection in Cursor AI could lead to full shell access on developer workstations. Patch immediately.
Windows Server Domain Controllers Hit by LSASS Reboot Loops
Microsoft confirms LSASS crashes causing persistent reboot loops on Windows Server Domain Controllers following the April 2024 security update cycle.