CVE-2026-5483 is a high-severity vulnerability in Red Hat OpenShift AI's 'odh-dashboard'. It exposes Kubernetes Service Account tokens through a NodeJS endpoint, potentially granting unauthorized access. Immediate patching and strict access control reviews are advised.
CVE-2025-5804 is a high-severity local file inclusion vulnerability in the Case Theme User plugin for PHP. It allows arbitrary code execution via improper filename control. Upgrade to version 1.0.4 or later to mitigate this risk.
CVE-2025-58920 is a high-severity reflected XSS vulnerability affecting Zootemplate Cerato versions prior to 2.2.19. Users are at risk of script injection, compromising data security. Upgrade to version 2.2.19 and enforce input validation measures to protect against exploitation.
CISA's analysis of over one billion vulnerability records reveals an exploitation gap, emphasizing the need for improved response times and automation in security operations.
The US government has warned of targeted attacks on programmable logic controllers, identifying 179 vulnerable OT devices. Organizations must secure these assets against possible disruptions.
A new GlassWorm campaign variant uses a Zig dropper targeting developers by embedding itself in IDEs through a fraudulent WakaTime extension. Organizations must ensure the authenticity of IDE extensions and monitor systems to mitigate potential security breaches.
In September 2023, a vulnerability in CPUID's API allowed threat actors to replace download links on the official site with malicious versions of CPU-Z and HWMonitor. This incident affected global users by delivering trojanized executables, emphasizing the importance of robust API security.
Iranian-linked hackers target ICS and SCADA systems in U.S. critical infrastructure. APT33 exploits CVEs to disrupt operations in sectors like energy and transportation.
Orthanc DICOM server vulnerabilities enable remote code execution and server crashes, risking medical data. Immediate patching and network security enhancements are vital.
CVE-2023-14001 highlights a critical vulnerability in AI browser extensions, risking unauthorized data access. Organizations must ensure regular updates and monitoring to mitigate risks.
Google Chrome version 147 addresses two critical vulnerabilities in the WebML component. Reported by anonymous researchers, these flaws could lead to arbitrary code execution. Updating to the latest version is essential to mitigate risks.
Google has introduced end-to-end encryption for Gmail on Android and iOS, enabling enterprise users to secure email communications without external tools. Organizations should update apps and train users on these enhancements.