Briefs

An anonymous remote attacker can exploit a vulnerability in Apache CXF to perform a denial of service attack and disclose sensitive information.

Blinko versions before 1.8.4 are vulnerable to OS Command Injection (CWE-78), where the MCP server creation function allows specifying arbitrary commands and arguments that are executed when testing the connection, potentially leading to code execution for attackers with high privileges.

An unauthenticated remote attacker can exploit CVE-2026-3509 in the CODESYS Control runtime system to control the format string of messages processed by the Audit Log, leading to a denial-of-service (DoS) condition.

A remote, anonymous attacker can exploit a vulnerability in the zipfile module of CPython to manipulate files on affected systems.

A heap buffer overflow vulnerability (CVE-2026-4675) exists in Google Chrome's WebGL implementation prior to version 146.0.7680.165, allowing a remote attacker to perform an out-of-bounds memory read via a specially crafted HTML page, potentially leading to information disclosure or arbitrary code execution.

A phishing campaign abuses Microsoft's Device Code OAuth flow to gain access to cloud-based file storage and document workflow platforms, bypassing traditional credential harvesting.

A memory safety vulnerability (CVE-2026-4720) in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 could lead to memory corruption and potential arbitrary code execution if successfully exploited.

GoHarbor Harbor version 2.15.0 and below is vulnerable to the use of hard-coded credentials, allowing an attacker to use the default password and gain unauthorized access to the web UI.

A remote attacker can exploit a heap buffer overflow vulnerability (CVE-2026-4673) in Google Chrome's WebAudio component before version 146.0.7680.165 by crafting a malicious HTML page, potentially leading to an out-of-bounds memory write and arbitrary code execution.

Unauthenticated remote shell injection vulnerability exists in Langflow GitHub Actions workflows prior to version 1.9.0, enabling attackers to execute arbitrary shell commands via malicious branch names or pull request titles due to unsanitized GitHub context variable interpolation, leading to potential secret exfiltration and supply chain compromise.

A path traversal vulnerability in Langflow versions before 1.7.1 allows unauthenticated attackers to read sensitive files via the download_profile_picture endpoint due to insufficient filtering of the folder_name and file_name parameters.

The LiteLLM package was compromised and infected with credential-stealing code through a supply chain attack leveraging the Trivy vulnerability scanner.

Multiple vulnerabilities exist in GnuPG and Gpg4win that could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

Since August 2025, threat actors have been impersonating Palo Alto Networks talent acquisition staff in a sophisticated phishing campaign targeting senior professionals, using social engineering tactics to solicit fraudulent resume fees.

A remote, authenticated attacker can exploit multiple vulnerabilities in IBM WebSphere Application Server Liberty to escalate privileges, bypass security measures, and disclose information.

A remote, authenticated attacker can exploit a vulnerability in TIBCO ActiveMatrix and TIBCO Administrator to disclose information and manipulate data, potentially leading to unauthorized access and control.

A vulnerability in Langflow allows an attacker to execute arbitrary code, potentially leading to system compromise.

The M-Trends 2026 report highlights the increasing sophistication of threat actors, including voice phishing attacks targeting SaaS environments, ransomware groups actively destroying recovery capabilities, and espionage groups exploiting edge devices for persistent access, revealing a shift towards faster hand-offs between initial access brokers and ransomware deployers.

NICKEL ALLEY, a North Korean threat group, is targeting technology professionals with fake job opportunities and malicious code repositories to deliver malware like PyLangGhost RAT and BeaverTail, aiming to steal cryptocurrency.

Multiple vulnerabilities in Redis allow an attacker to execute arbitrary program code and perform a denial-of-service attack.

Multiple vulnerabilities in Red Hat Developer Hub allow a remote attacker to perform denial of service, execute arbitrary code, bypass security measures, and manipulate data.

An anonymous remote attacker can exploit multiple vulnerabilities in Red Hat JBoss Enterprise Application Platform to cause a denial-of-service condition, manipulate data, and conduct further attacks such as cache poisoning and session hijacking.

Multiple vulnerabilities in the Grub bootloader allow attackers to execute arbitrary code and cause denial-of-service conditions.

A local attacker can exploit a vulnerability in RedHat Multicluster Engine for Kubernetes to escalate privileges.

Multiple vulnerabilities in Apache Tomcat can be exploited by a remote, authenticated or anonymous attacker to execute arbitrary code, bypass security measures, manipulate data, and cause a denial of service.

An anonymous remote attacker can exploit multiple vulnerabilities in Red Hat OpenShift GitOps to manipulate data, misrepresent information, or cause a denial of service.

An authenticated remote attacker can exploit vulnerabilities in Asterisk and Digium Certified Asterisk to achieve arbitrary code execution, denial of service, or information disclosure.

An anonymous remote attacker can exploit multiple vulnerabilities in IBM Tivoli Netcool/OMNIbus to achieve arbitrary code execution, information disclosure, file manipulation, or denial of service.

Uncontrolled growth of virtual machines (VM sprawl) in cloud environments allows attackers to exploit unmonitored VMs with overly permissive access for lateral movement, data exfiltration, and ransomware deployment.

A remote, authenticated attacker can exploit a vulnerability in Red Hat Enterprise Linux (specifically 389-ds-base) to achieve arbitrary code execution and potentially cause a denial of service.