Attackers could inject prompts into a GitHub issue and take over the AI agent designed to automatically triage the issue.
The post Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack appeared first on SecurityWeek.
Oracle Debuts Monthly Critical Security Patch Updates
Containing fixes for critical-severity vulnerabilities, the monthly rollouts will focus on addressing priority issues faster.
The post Oracle Debuts Monthly Critical Security Patch Updates appeared first on SecurityWeek.
Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
CVE-2026-0300 affects the Captive Portal service of PAN-OS software on PA and VM series firewalls.
The post Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls appeared first on SecurityWeek.
Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft
Dubbed Bleeding Llama, the heap out-of-bounds read issue can be exploited remotely, without authentication.
The post Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft appeared first on SecurityWeek.
Critical Remote Code Execution Vulnerability Patched in Android
CVE-2026-0073 affects Android’s System component and it can be exploited without any user interaction.
The post Critical Remote Code Execution Vulnerability Patched in Android appeared first on SecurityWeek.
Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server
The most severe of these security defects could allow remote attackers to execute arbitrary code.
The post Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server appeared first on SecurityWeek.
MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs
The security defects allow unauthenticated, remote attackers to execute arbitrary code through crafted requests.
The post MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek.
WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities
The vulnerabilities were reported to Meta through its bug bounty program and were patched with updates released earlier this year.
The post WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities appeared first on SecurityWeek.
Exploitation of ‘Copy Fail’ Linux Vulnerability Begins
CISA has added the bug to its KEV list, and Microsoft has observed limited exploitation, mainly associated with PoC testing.
The post Exploitation of ‘Copy Fail’ Linux Vulnerability Begins appeared first on SecurityWeek.
Over 40,000 Servers Compromised in Ongoing cPanel Exploitation
The attacks likely target CVE-2026-41940, a recently patched zero-day leading to administrative access.
The post Over 40,000 Servers Compromised in Ongoing cPanel Exploitation appeared first on SecurityWeek.
