A Chinese threat actor exploited the video conferencing platform to perform reconnaissance, escalate privileges, and execute additional payloads.
The post TrueConf Zero-Day Exploited in Asian Government Attacks appeared first on SecurityWeek.
Critical ShareFile Flaws Lead to Unauthenticated RCE
The vulnerabilities can be chained together to bypass authentication and upload arbitrary files to the server.
The post Critical ShareFile Flaws Lead to Unauthenticated RCE appeared first on SecurityWeek.
Critical Vulnerability in Claude Code Emerges Days After Source Leak
Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found by Adversa AI.
The post Critical Vulnerability in Claude Code Emerges Days After Source Leak appeared first on SecurityWeek.
Apple Rolls Out DarkSword Exploit Protection to More Devices
The DarkSword exploit kit has been used by both state-sponsored hackers and commercial spyware vendors.
The post Apple Rolls Out DarkSword Exploit Protection to More Devices appeared first on SecurityWeek.
Cisco Patches Critical and High-Severity Vulnerabilities
The bugs could lead to authentication bypass, remote code execution, information disclosure, and privilege escalation.
The post Cisco Patches Critical and High-Severity Vulnerabilities appeared first on SecurityWeek.
Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome
Google has announced fixes for CVE-2026-5281, a zero-day affecting Chrome’s Dawn component.
The post Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome appeared first on SecurityWeek.
Exploitation of Critical Fortinet FortiClient EMS Flaw Begins
The SQL injection vulnerability allows unauthenticated attackers to execute arbitrary code remotely, via crafted HTTP requests.
The post Exploitation of Critical Fortinet FortiClient EMS Flaw Begins appeared first on SecurityWeek.
StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs
Remotely exploitable, the integer underflow vulnerability impacts StrongSwan releases spanning 15 years.
The post StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs appeared first on SecurityWeek.
Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise
Researchers found an OpenAI Codex vulnerability that could have been exploited to compromise GitHub tokens.
The post Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise appeared first on SecurityWeek.
Exploitation of Fresh Citrix NetScaler Vulnerability Begins
The critical-severity flaw leaks application memory and can be exploited to obtain authenticated administrative session IDs.
The post Exploitation of Fresh Citrix NetScaler Vulnerability Begins appeared first on SecurityWeek.
