CVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild.
The post Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability appeared first on SecurityWeek.
Critical Quest KACE Vulnerability Potentially Exploited in Attacks
The vulnerability is tracked as CVE-2025-32975 and it may have been exploited in attacks against the education sector.
The post Critical Quest KACE Vulnerability Potentially Exploited in Attacks appeared first on SecurityWeek.
Critical Langflow Vulnerability Exploited Hours After Public Disclosure
Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.
The post Critical Langflow Vulnerability Exploited Hours After Public Disclosure appeared first on SecurityWeek.
Critical ScreenConnect Vulnerability Exposes Machine Keys
Latest ScreenConnect version adds encrypted storage and management to prevent unauthorized access to machine keys.
The post Critical ScreenConnect Vulnerability Exposes Machine Keys appeared first on SecurityWeek.
Russian APT Exploits Zimbra Vulnerability Against Ukraine
Insufficient sanitization of CSS content within HTML emails leads to inline script execution when the message is opened in a browser.
The post Russian APT Exploits Zimbra Vulnerability Against Ukraine appeared first on SecurityWeek.
CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability
The SharePoint remote code execution vulnerability CVE-2026-20963, which Microsoft patched in January, has been exploited in the wild.
The post CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability appeared first on SecurityWeek.
Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks
Amazon found evidence that the FMC software vulnerability has been exploited since late January, and found links to Russia.
The post Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks appeared first on SecurityWeek.
The Collapse of Predictive Security in the Age of Machine-Speed Attacks
With exploitation of vulnerabilities taking just days, preemptive security must be the new model for defenders.
The post The Collapse of Predictive Security in the Age of Machine-Speed Attacks appeared first on SecurityWeek.
‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors
Targeting six iOS vulnerabilities and leading to full device compromise, the exploit chain is meant for surveillance.
The post ‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors appeared first on SecurityWeek.
Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t Patch
Meta does not plan on fixing the vulnerability because it involves the use of a modified client application.
The post Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t Patch appeared first on SecurityWeek.
