A critical vulnerability has been discovered in the Ninja Forms File Uploads add-on for WordPress. This flaw allows unauthenticated file upload, leading to potential remote code execution. Users are urged to update their systems immediately.
CVE-2026-39369 affects WWBN AVideo versions 26.0 and earlier, allowing authenticated users to read sensitive server files via path traversal. Upgrade immediately to secure affected systems.
CVE-2023-XXXX affects AI systems parsing web content, allowing data exfiltration through malicious commands. Enterprises across sectors are urged to patch affected systems.
CVE-2026-39344 is a high-severity Reflected XSS vulnerability in ChurchCRM versions before 7.1.0, allowing attackers to inject JavaScript through the login page. Users should update to version 7.1.0 to mitigate this risk.
Anthropic has launched 'Claude Mythos' under Project Glasswing to secure software against AI-driven threats. Despite its defensive benefits, potential misuse poses significant risks, making responsible adoption vital.
CVE-2026-39329 is an SQL injection vulnerability in ChurchCRM versions prior to 7.1.0. Exploited via the newEvtTypeCntLst parameter, it allows authenticated users with AddEvent privileges to manipulate SQL queries. Upgrade to version 7.1.0 or later to mitigate.
CVE-2026-35573 is a critical vulnerability in ChurchCRM versions before 6.5.3 allowing remote code execution. Authenticated admins can manipulate file uploads to overwrite `.htaccess` files. Upgrade to mitigate.
CVE-2026-24173 is a high-severity vulnerability in NVIDIA Triton Inference Server, enabling denial of service via malformed requests. Affected organizations should upgrade and implement input validation.
A critical vulnerability involving webshells on web servers allows attackers to maintain persistence and unauthorized access. Exploiting RCE flaws, this affects various industries, urging robust patching and monitoring.
Iranian-linked hackers are targeting internet-exposed Rockwell/Allen-Bradley PLCs in U.S. critical infrastructure sectors, focusing on energy and water management. The campaign exploits critical vulnerabilities to manipulate control systems.
AI-powered vulnerability exploitation is increasing, with attackers targeting open-source and commercial software. Organizations must enhance defenses with AI-driven detection and regular patch updates.
The Forest Blizzard APT group exploits vulnerabilities in outdated routers to intercept Microsoft Office user tokens. Over 18,000 networks are affected due to DNS hijacking without deploying traditional malware. Swift security updates and DNS configurations are necessary to mitigate risks.