Forescout researchers discovered 20 new vulnerabilities in Lantronix and Silex products and described theoretical attack scenarios.
The post Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking appeared first on SecurityWeek.
Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers
In-the-wild exploitation has been ongoing for a year, but no successful payload execution has been observed.
The post Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers appeared first on SecurityWeek.
Recent Apache ActiveMQ Vulnerability Exploited in the Wild
The remote code execution vulnerability tracked as CVE-2026-34197 came to light in early April.
The post Recent Apache ActiveMQ Vulnerability Exploited in the Wild appeared first on SecurityWeek.
Cursor AI Vulnerability Exposed Developer Devices
An indirect prompt injection could be chained with a sandbox bypass and Cursor’s remote tunnel feature for shell access to machines.
The post Cursor AI Vulnerability Exposed Developer Devices appeared first on SecurityWeek.
Splunk Enterprise Update Patches Code Execution Vulnerability
The flaw allows low-privileged users to upload files to a temporary directory to achieve remote code execution.
The post Splunk Enterprise Update Patches Code Execution Vulnerability appeared first on SecurityWeek.
Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest
Researchers found more than 80 high-impact cloud and AI vulnerabilities during the event, which had a $5 million prize pool.
The post Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest appeared first on SecurityWeek.
NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software
To optimize management of CVE volume, entries that do not meet specific criteria will not be automatically enriched.
The post NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software appeared first on SecurityWeek.
Cisco Patches Critical Vulnerabilities in Webex, ISE
The flaws can be exploited remotely to impersonate users or execute arbitrary commands on the underlying OS.
The post Cisco Patches Critical Vulnerabilities in Webex, ISE appeared first on SecurityWeek.
Exploited Vulnerability Exposes Nginx Servers to Hacking
Hackers are exploiting CVE-2026-33032, a critical remote takeover vulnerability in the Nginx UI management tool.
The post Exploited Vulnerability Exposes Nginx Servers to Hacking appeared first on SecurityWeek.
‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks
Researchers warn that a flaw in Anthropic’s Model Context Protocol allows unsanitized commands to execute silently, enabling full system compromise across widely used AI environments.
The post ‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks appeared first on SecurityWeek.
