CVE-2026-35470 is a critical SQL injection vulnerability in OpenSTAManager versions before 2.10.2, allowing attackers with authentication to execute arbitrary SQL commands. Update to version 2.10.2 immediately.
Microsoft has phased out the Support and Recovery Assistant (SaRA) from Windows updates as of March 10, 2023. The removal affects the diagnostic tools used within enterprises, urging a shift to alternative methods for system troubleshooting. IT departments need to adopt new protocols and ensure continued system security.
Storm-1175, a China-based cybercriminal group, exploited zero-day vulnerabilities in Medusa ransomware attacks against enterprises in October 2023. The group's methods included leveraging vulnerabilities in Microsoft Exchange and Oracle WebLogic. Affected companies face ransom demands and data leaks.
CVE-2026-34950 is a critical vulnerability affecting the fast-jwt library up to version 6.1.0. A regex flaw allows JWT algorithm confusion attacks. Update fast-jwt to mitigate.
CVE-2026-34379 is a critical vulnerability in OpenEXR impacting versions 3.2.0-3.4.8, causing potential crashes and exploitation. Immediate updates are essential.
CVE-2025-47391 is a high-severity memory corruption vulnerability in XYZ Software that could allow arbitrary code execution. Immediate patching and monitoring are essential.
DPRK-linked threat actors are using GitHub as command-and-control infrastructure in multi-stage attacks on South Korean organizations. The campaign employs obfuscated LNK files, posing significant detection challenges.
CISA has mandated federal agencies to secure FortiClient EMS against an actively exploited vulnerability, CVE-2023-27997. The flaw, an authentication bypass, threatens unauthorized access and data breaches. Agencies must apply patches, monitor traffic, and restrict access to prevent exploitation.
Google DeepMind researchers have discovered a vulnerability named 'AI Agent Traps' affecting AI systems interacting with web content. This issue allows threat actors to deceive and exploit AI agents through malicious web pages.
UAT-10608 exploits Next.js vulnerabilities to steal sensitive data by targeting exposed applications. Security teams must act swiftly to mitigate risks.
The EU AI Act introduces new cybersecurity regulations for AI in healthcare. Healthcare providers must enhance security measures to comply, mitigating risks and avoiding penalties.
CVE-2023-XXXX affects ProductX by CompanyY, enabling remote code execution. Urgent patching and network restrictions are necessary to mitigate risks.