radar.cysentrix

Security Radar

Page 1 of 10 · 763 stories from the last 30 days across 19 trusted sources.

Actively exploited

20 actively exploited CVEs in current coverage
  • CVE-2026-10520

    An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

    1 story · EPSS 99%
  • CVE-2026-35273

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

    2 stories · EPSS 92%
  • CVE-2026-20253

    In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.

    6 stories · EPSS 88%
  • CVE-2026-48907

    A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

    1 story · EPSS 80%
  • CVE-2026-50751

    A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

    1 story · EPSS 71%
  • CVE-2024-40766

    An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

    1 story · EPSS 16%
Help Net Security

Vulnerability reports are arriving faster than GitHub can review them

Across the open source world, people are reporting software flaws in record numbers, and the systems built to verify those reports are straining under the weight. The GitHub Advisory Database, which feeds automated security alerts to millions of projects, has reached a point w...

vulnerability
Help Net Security

Hottest cybersecurity open-source tools of the month: June 2026

Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across diverse settings. OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory A...

Help Net Security

WSL containers now build and run Linux workloads on Windows

Containers power a large share of cloud-native applications, AI workloads, and testing and deployment pipelines. Developers working on Windows have long pulled in third-party software to build and run them. That step becomes optional with WSL containers, a feature that arrived...

microsoft · cloud
Help Net Security

Half the defense base still builds security around compliance

CMMC requirements are appearing in defense contracts and moving down through supplier networks to thousands of companies new to this kind of compliance work. Many run on limited budgets with lean security teams. The picture comes from nearly 900 defense contractors, C3PAOs, fe...

Help Net Security

Cybersecurity jobs available right now: June 30, 2026

AI Offensive Security Engineer AGAPI | UAE | On-site – View job details As an AI Offensive Security Engineer, you will leverage AI and LLMs to accelerate offensive security research, exploit development, vulnerability discovery, and security automation. You will validate AI-ge...

vulnerability
Security Affairs · BleepingComputer · The Hacker News · 3 stories

WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private

AI: WhatsApp rolls out optional usernames, allowing users to hide their phone numbers when connecting with others on the platform.

Security Affairs

U.S. Targets Russian Cyber Spies With $10M Bounty Over Messaging App Attacks

The U.S. offers up to $10M for information on Russian hackers targeting Signal and WhatsApp accounts of officials and journalists. The U.S. government is offering rewards of up to $10 million for information leading to the identification of members of the Russian-linked groups...

Dark Reading · BleepingComputer · 2 stories

Critical SimpleHelp flaw exploited to deploy new stealer malware

AI: Critical SimpleHelp flaw CVE-2026-48558 exploited to deploy Djinn Stealer, a cross-platform infostealer targeting cloud and AI credentials.

vulnerability · malware · cloud · microsoft · Actively exploited · CVE-2026-48558 · EPSS <1%
BleepingComputer

Nissan discloses employee data breach linked to Oracle zero-day attacks

Nissan is warning that it suffered a data breach affecting current and former employees after threat actors exploited an Oracle PeopleSoft vulnerability in data theft attacks previously linked to the ShinyHunters extortion group. [...]

vulnerability · zero day · data breach
BleepingComputer · SecurityWeek · 2 stories

NAIC says public data stolen in ShinyHunters' PeopleSoft breach

AI: The National Association of Insurance Commissioners (NAIC) confirmed that ShinyHunters stole only public data, outdated logs, and configuration files by exploiting an Oracle PeopleSoft zero-day, despite the group's claim of 3.1 TB exfiltrated.

vulnerability · zero day · data breach