The browser refresh resolved critical and high-severity security defects, including a dozen use-after-free bugs.
The post Chrome 149 Update Patches 28 Vulnerabilities appeared first on SecurityWeek.
The browser refresh resolved critical and high-severity security defects, including a dozen use-after-free bugs.
The post Chrome 149 Update Patches 28 Vulnerabilities appeared first on SecurityWeek.
Oracle has mitigated CVE-2026-35273, but it has not publicly confirmed the vulnerability’s in-the-wild exploitation.
The post Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters appeared first on SecurityWeek.
Oracle has released mitigations for CVE-2026-35273, but it has not said whether it’s a zero-day exploited in ShinyHunters attacks.
The post Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks appeared first on SecurityWeek.
The new BOD 26-04 requires agencies to review and update vulnerability management policies with a focus on KEV catalog entries.
The post CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk appeared first on SecurityWeek.
Disclosed in March, the security defect enables unauthenticated attackers to write files to arbitrary locations on the system.
The post Hackers Exploit Langflow Vulnerability for Remote Code Execution appeared first on SecurityWeek.
The security defects could allow attackers to create or modify arbitrary files and access and modify protected resources.
The post Splunk, Palo Alto Networks Patch Severe Vulnerabilities appeared first on SecurityWeek.
The PoC exploits Microsoft Defender’s offline scan to spawn a SYSTEM shell when rebooting in Recovery Mode.
The post ‘GreatXML’ Zero-Day Exploit Bypasses BitLocker appeared first on SecurityWeek.
The company warned about zero-day attacks exploiting the Exchange Server vulnerability CVE-2026-42897 on May 14.
The post Microsoft Patches Exploited Exchange Server Vulnerability appeared first on SecurityWeek.
Claroty researchers have analyzed the security of Vertiv UPS network cards and the Trane Tracer SC+ HVAC controller.
The post Critical HVAC and UPS Vulnerabilities Could Let Hackers Disrupt Data Centers appeared first on SecurityWeek.
Exploiting a race condition in Microsoft Defender, the exploit leads to local privilege escalation to SYSTEM.
The post New Windows Zero-Day Exploit ‘RoguePlanet’ Released appeared first on SecurityWeek.