Vulnerability feeds

Refreshes every 300 second(s). Last updated: 2026-04-08 03:53:09 CEST. Showing 10 articles per source from: NVD (National Vulnerability Database), SecurityWeek Vulnerabilities, CERT-SE, CISA KEV catalog, Microsoft MSRC, Cisco PSIRT, Fortinet PSIRT, Palo Alto Networks Advisories, The Hacker News, Threatpost, Dark Reading. Time zone: Europe/Stockholm.

Received yesterday
Dark Reading

By hiding malicious instructions on an attacker-controlled Web page, AI could ingest orders as benign and return sensitive data to the attacker's server.

Published: 2026-04-07 21:52:26 CEST
SecurityWeek Vulnerabilities

The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. The post The New Rules of Engagement: Matching Agentic Attack Speed appeared first on SecurityWeek.

Published: 2026-04-07 18:40:52 CEST
SecurityWeek Vulnerabilities

The startup has created a layered security solution aiming to secure AI agents throughout their entire lifecycle. The post Trent AI Emerges From Stealth With $13 Million in Funding appeared first on SecurityWeek.

Published: 2026-04-07 18:34:26 CEST
The Hacker News

In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing. According to new research from the Ponemon…

Published: 2026-04-07 18:29:00 CEST
SecurityWeek Vulnerabilities

The improper validation of user-supplied JavaScript code allows attackers to execute arbitrary code and access the file system. The post Critical Flowise Vulnerability in Attacker Crosshairs appeared first on SecurityWeek.

Published: 2026-04-07 17:34:51 CEST
The Hacker News

A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8),…

CVE-2024-41110 CVE-2026-34040 CVSS 8.8
Published: 2026-04-07 17:15:00 CEST
Dark Reading
Published: 2026-04-07 16:36:44 CEST
Dark Reading

A panel of five C-suite leaders discuss how cybersecurity success is measured and why it isn't improving results.

Published: 2026-04-07 16:26:02 CEST
SecurityWeek Vulnerabilities

A critical DoS vulnerability in the Framework component of Android has also been fixed with the latest update. The post Severe StrongBox Vulnerability Patched in Android appeared first on SecurityWeek.

Published: 2026-04-07 16:23:51 CEST
SecurityWeek Vulnerabilities

By targeting Grafana’s AI components, attackers can point to external resources and inject indirect prompts to bypass safeguards. The post GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data appeared first on SecurityWeek.

Published: 2026-04-07 15:58:45 CEST
SecurityWeek Vulnerabilities

Join the live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. The post Webinar Today: Why Automated Pentesting Alone Is Not Enough appeared first on SecurityWeek.

Published: 2026-04-07 15:19:29 CEST
The Hacker News

An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpose-built Python scanner continuously…

Published: 2026-04-07 14:46:00 CEST
SecurityWeek Vulnerabilities

Researchers have demonstrated that GPU Rowhammer attacks can be used to escalate privileges. The post GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack appeared first on SecurityWeek.

Published: 2026-04-07 13:31:38 CEST
The Hacker News

When talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach at $4.4 million. Avoiding even one major incident is…

Published: 2026-04-07 13:30:00 CEST
SecurityWeek Vulnerabilities

The group is using zero-days, quickly weaponizes fresh bugs, and exfiltrates and encrypts data within days of initial access. The post Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems appeared first on SecurityWeek.

Published: 2026-04-07 12:52:33 CEST
CERT-SE

Fortinet has published information about a critical vulnerability in Fortinet FortiClient EMS. [1] There are observations indicating that the vulnerability is being actively exploited. Fortinet has published a security update and urges users to install it.

Published: 2026-04-07 12:45:00 CEST
SecurityWeek Vulnerabilities

Shchukin is accused of extorting more than $2 million as the head of the GandCrab and REvil ransomware operations. The post German Police Unmask REvil Ransomware Leader appeared first on SecurityWeek.

Published: 2026-04-07 11:24:40 CEST
Microsoft MSRC

Information published.

CVE-2026-35414
Published: 2026-04-07 10:41:35 CEST
The Hacker News

New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of a host. The efforts have…

Published: 2026-04-07 10:38:00 CEST
Microsoft MSRC

Information published.

CVE-2026-35386
Published: 2026-04-07 10:02:11 CEST
The Hacker News

A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing…

Published: 2026-04-07 08:35:00 CEST
Received this week
Dark Reading

PRT-scan is the second campaign in recent months where a threat actor appears to have leveraged AI for automated targeting of a widespread GitHub misconfiguration.

Published: 2026-04-06 23:38:53 CEST
Dark Reading

The attack on the popular NPM package Axios is just one of many targeting maintainers and has shone a light on how threat actors can scale sophisticated social engineering campaigns.

Published: 2026-04-06 22:55:44 CEST
Dark Reading

The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have been exploited in the wild.

CVE-2026-35616
Published: 2026-04-06 22:24:19 CEST
CISA KEV catalog

Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. | Action: Apply mitigations per vendor instructions,…

CVE-2026-35616
Published: 2026-04-06 02:00:00 CEST
Received earlier
Fortinet PSIRT

CVSSv3 Score: 9.1 An Improper Access Control vulnerability [CWE-284] in FortiClient EMS may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. Fortinet has observed this to be exploited in the…

CVSS 3
Published: 2026-04-04 09:00:00 CEST
Cisco PSIRT

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incorrect privileges are associated with…

CVE-2026-20110
Published: 2026-04-03 04:43:54 CEST
CERT-SE

Several supply chain attacks have been noted recently, most recently via the Axios JavaScript library. The Australian Cyber Security Centre has produced a good summary of the recent events, which can be read below.

Published: 2026-04-02 11:30:00 CEST
CISA KEV catalog

TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the…

CVE-2026-3502
Published: 2026-04-02 02:00:00 CEST
Cisco PSIRT

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is…

CVE-2026-20160
Published: 2026-04-02 01:00:00 CEST
Cisco PSIRT

Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more…

CVE-2026-20085 CVE-2026-20087 CVE-2026-20088 CVE-2026-20089 CVE-2026-20090
Published: 2026-04-02 01:00:00 CEST
Cisco PSIRT

A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the improper transmission of…

CVE-2026-20151
Published: 2026-04-02 01:00:00 CEST
Cisco PSIRT

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to…

CVE-2026-20155
Published: 2026-04-02 01:00:00 CEST
Cisco PSIRT

A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. This vulnerability is due…

CVE-2026-20093
Published: 2026-04-02 01:00:00 CEST
Cisco PSIRT

A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the…

CVE-2026-20174
Published: 2026-04-01 18:00:00 CEST
CISA KEV catalog

Google Dawn contains a use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based…

CVE-2026-5281
Published: 2026-04-01 02:00:00 CEST
CERT-SE

StepSecurity reports on a malicious Axios JavaScript library that was available for download via NPM. [1] According to Socradar, it was available for an estimated just under three hours before it was removed. On installation, a…

Published: 2026-03-31 15:22:00 CEST
CERT-SE

When setting up a tenant in Microsoft's cloud environment, flexibility is high and new features are added continuously. CERT-SE urges organizations to regularly review enabled, or disabled,…

Published: 2026-03-30 11:10:00 CEST
CISA KEV catalog

Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds read vulnerability when configured as a SAML IDP, leading to memory overread. | Action: Apply…

CVE-2026-3055
Published: 2026-03-30 02:00:00 CEST
CERT-SE

In this week's newsletter from CERT-SE you will find an invitation to CERT-SE's introductory training in MISP. The training focuses on the practical use of MISP and how you can use the tool in your daily work. You can also read about an attack…

Published: 2026-03-27 15:50:00 CET
CISA KEV catalog

F5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat actor to achieve remote code execution. | Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud…

CVE-2025-53521
Published: 2026-03-27 01:00:00 CET
CISA KEV catalog

Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any…

CVE-2026-33634
Published: 2026-03-26 01:00:00 CET
CISA KEV catalog

Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication. | Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or…

CVE-2026-33017
Published: 2026-03-25 01:00:00 CET
CERT-SE

Citrix has published information about the vulnerability CVE-2026-3055, which affects NetScaler Gateway and NetScaler ADC. The vulnerability is described as critical and has received a CVSS v4.0 rating of 9.3. [1]

CVE-2026-3055 CVSS 4.0
Published: 2026-03-24 16:00:00 CET
CERT-SE

In the weekly newsletter you will find information about several vulnerabilities, including ones concerning Microsoft SharePoint and how a vulnerability in Cisco FMC is now being exploited. You will also find news, reports and analyses in the cybersecurity field from the past week.

Published: 2026-03-20 14:18:00 CET
CERT-SE

Roundcube reports on a security update that fixes several vulnerabilities in Roundcube Webmail. None of the vulnerabilities has currently been assigned a CVE or CVSS classification. The one that appears most serious has, according to CERT-SE's…

CVSS 9.0
Published: 2026-03-20 13:16:00 CET
CISA KEV catalog

Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code. | Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of…

CVE-2025-32432
Published: 2026-03-20 01:00:00 CET
CISA KEV catalog

Laravel Livewire contains a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios. | Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01…

CVE-2025-54068
Published: 2026-03-20 01:00:00 CET
CISA KEV catalog

Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes. | Action: Apply mitigations per vendor…

CVE-2025-43510
Published: 2026-03-20 01:00:00 CET
Fortinet PSIRT

CVSSv3 Score: 6.7 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow a privileged attacker with super-admin…

CVSS 3
Published: 2026-03-10 08:00:00 CET
Fortinet PSIRT

CVSSv3 Score: 6.0 An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability [CWE-88] in FortiDeceptor WEBUI may allow a privileged attacker with super-admin profile and CLI access to delete…

CVSS 3
Published: 2026-03-10 08:00:00 CET
Fortinet PSIRT

CVSSv3 Score: 3.4 An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiManager and FortiAnalyzer may allow an attacker to bypass bruteforce protections via exploitation of race conditions. Revised on 2026-03-10 00:00:00

CVSS 3
Published: 2026-03-10 08:00:00 CET
Fortinet PSIRT

CVSSv3 Score: 7.3 An Improper Control of Interaction Frequency vulnerability [CWE-799] in FortiWeb may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends…

CVSS 3
Published: 2026-03-10 08:00:00 CET
Fortinet PSIRT

CVSSv3 Score: 7.7 A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability [CWE-120] in FortiSwitchAXFixed may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or…

CVSS 3
Published: 2026-03-10 08:00:00 CET
Fortinet PSIRT

CVSSv3 Score: 7.0 A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiManager fgtupdates service may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The…

CVSS 3
Published: 2026-03-10 08:00:00 CET
Fortinet PSIRT

CVSSv3 Score: 6.5 A use of externally-controlled format string vulnerability [CWE-134] in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and FortiManager Cloud fazsvcd daemon may allow a remote privileged attacker with admin profile to…

CVSS 3
Published: 2026-03-10 08:00:00 CET
Fortinet PSIRT

CVSSv3 Score: 5.3 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency…

CVSS 3
Published: 2026-02-10 09:00:00 CET
Fortinet PSIRT

CVSSv3 Score: 9.8 CVE-2025-15467 Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially…

CVE-2025-15467 CVSS 3
Published: 2026-01-30 09:00:00 CET
CERT-SE

F5 Networks has published a large number of vulnerability updates for the products BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM Clients [1]. The updates are a measure in response to an earlier cyber attack against F5…

Published: 2025-10-16 10:15:00 CEST
NVD (National Vulnerability Database)

A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information…

CVE-2021-4430
Published: 2023-11-06 09:15:21 CET
NVD (National Vulnerability Database)

A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper access controls.…

CVE-2018-25093
Published: 2023-11-06 02:15:08 CET
NVD (National Vulnerability Database)

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file…

CVE-2017-20187
Published: 2023-11-05 22:15:09 CET
NVD (National Vulnerability Database)

A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper…

CVE-2018-25092
Published: 2023-11-05 22:15:09 CET
NVD (National Vulnerability Database)

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

CVE-2022-3172
Published: 2023-11-03 21:15:08 CET
NVD (National Vulnerability Database)

Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability

CVE-2022-43554
Published: 2023-11-03 21:15:08 CET
NVD (National Vulnerability Database)

Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability

CVE-2022-43555
Published: 2023-11-03 21:15:08 CET
NVD (National Vulnerability Database)

A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.

CVE-2022-44569
Published: 2023-11-03 21:15:08 CET
NVD (National Vulnerability Database)

In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.

CVE-2020-28407
Published: 2023-11-03 05:15:15 CET
NVD (National Vulnerability Database)

bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.

CVE-2017-7252
Published: 2023-11-03 02:15:07 CET
Threatpost

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Published: 2022-08-30 18:00:43 CEST
Threatpost

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

Published: 2022-08-26 18:44:27 CEST
Threatpost

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

Published: 2022-08-24 16:17:04 CEST
Threatpost
Published: 2022-08-22 15:59:06 CEST
Threatpost

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Published: 2022-08-19 17:25:56 CEST
Threatpost

An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

Published: 2022-08-18 16:31:38 CEST