#zdi-rewards

[ follow ]
#cybersecurity #vulnerabilities #vulnerability #remote-code-execution #ai #security #data-breach #ransomware #cisa
#microsoft-defender
Information security
fromSecurityWeek
21 hours ago

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

A zero-day vulnerability in Microsoft Defender, tracked as CVE-2026-33825, allows privilege escalation through a flaw named BlueHammer.
Information security
fromTechRepublic
3 days ago

Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched

Three new security flaws in Microsoft Defender are actively exploited, with only one patched, allowing full SYSTEM-level access to attackers.
Information security
fromThe Hacker News
6 days ago

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Threat actors are exploiting three vulnerabilities in Microsoft Defender for elevated privileges, with one flaw already addressed by Microsoft.
Information security
fromSecurityWeek
21 hours ago

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

A zero-day vulnerability in Microsoft Defender, tracked as CVE-2026-33825, allows privilege escalation through a flaw named BlueHammer.
Information security
fromTechRepublic
3 days ago

Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched

Three new security flaws in Microsoft Defender are actively exploited, with only one patched, allowing full SYSTEM-level access to attackers.
Information security
fromThe Hacker News
6 days ago

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Threat actors are exploiting three vulnerabilities in Microsoft Defender for elevated privileges, with one flaw already addressed by Microsoft.
more#microsoft-defender
Deliverability
fromSecurityWeek
18 hours ago

The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface

Email attackers now exploit behavioral weaknesses, using tailored tactics that blend into trusted relationships and workflows, making detection more challenging.
#cybersecurity
fromTechCrunch
2 days ago
Privacy professionals

Unauthorized group has gained access to Anthropic's exclusive cyber tool Mythos, report claims | TechCrunch

Information security
fromTheregister
19 hours ago

Sharing isn't caring if it's an admin password: Pwned

Prioritizing convenience over security can lead to significant data loss, as demonstrated by a client using a common password and sharing it publicly.
Information security
fromThe Hacker News
10 hours ago

UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

UNC6692 uses social engineering via Microsoft Teams to deploy malware, targeting senior employees with email spam and impersonation tactics.
DevOps
fromSecuritymagazine
2 days ago

The Security Metric That's Failing You

Measuring patch rates does not equate to a secure environment; real risks often lie in misconfigurations and outdated permissions.
Careers
fromSecuritymagazine
4 days ago

Advance Your Cybersecurity Career

Degrees and certifications in cybersecurity indicate foundational knowledge but hands-on experience and skills are more critical for success.
Privacy professionals
fromTechCrunch
2 days ago

Unauthorized group has gained access to Anthropic's exclusive cyber tool Mythos, report claims | TechCrunch

Unauthorized users accessed Mythos, a cybersecurity tool by Anthropic, through a third-party vendor, raising concerns about its potential misuse.
Software development
fromTheregister
6 days ago

Claude Opus wrote a Chrome exploit for $2,283

Anthropic withheld its Mythos model due to security concerns, while Opus 4.6 was used to create a functional exploit for Chrome's V8 engine.
Information security
fromTheregister
19 hours ago

Sharing isn't caring if it's an admin password: Pwned

Prioritizing convenience over security can lead to significant data loss, as demonstrated by a client using a common password and sharing it publicly.
Information security
fromThe Hacker News
10 hours ago

UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

UNC6692 uses social engineering via Microsoft Teams to deploy malware, targeting senior employees with email spam and impersonation tactics.
more#cybersecurity
#ai
Information security
fromFast Company
1 day ago

Brace yourself for a flood of patches in all of your tech gadgets

Mythos, Anthropic's AI model, identifies software vulnerabilities, prompting urgent updates to prevent exploitation by hackers.
Software development
fromTheregister
2 days ago

Mythos found 271 Firefox flaws - none a human couldn't spot

Mythos AI model significantly improves bug detection, identifying 271 vulnerabilities in Firefox 150, marking a pivotal moment for software security.
Information security
fromSecurityWeek
19 hours ago

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

AI systems can autonomously hack cloud environments, demonstrating advanced capabilities in executing sophisticated attacks without specific instructions.
Information security
fromFast Company
1 day ago

Brace yourself for a flood of patches in all of your tech gadgets

Mythos, Anthropic's AI model, identifies software vulnerabilities, prompting urgent updates to prevent exploitation by hackers.
more#ai
#ransomware
Law
fromTheregister
2 days ago

Third ransomware pro pleads guilty to cybercrime U-turn

Angelo Martino pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting US businesses.
Law
fromTheregister
2 days ago

Third ransomware pro pleads guilty to cybercrime U-turn

Angelo Martino pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting US businesses.
more#ransomware
Fundraising
fromIndependent
3 days ago

Company has more than 2m stolen from account following cyber attack

Future Energy Capital Limited lost over €2m due to a cyber attack last October.
#cisa
SF politics
fromNextgov.com
6 days ago

CISA resources 'more limited than I would like' amid shutdown, top official says

CISA faces significant funding limitations impacting its ability to counter hacking threats and conduct essential activities.
Information security
fromSecurityWeek
2 days ago

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with eight new flaws, including high-severity bugs in Cisco and Kentico products.
Information security
fromSecurityWeek
1 week ago

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.
SF politics
fromNextgov.com
6 days ago

CISA resources 'more limited than I would like' amid shutdown, top official says

CISA faces significant funding limitations impacting its ability to counter hacking threats and conduct essential activities.
Information security
fromSecurityWeek
2 days ago

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with eight new flaws, including high-severity bugs in Cisco and Kentico products.
Information security
fromSecurityWeek
1 week ago

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.
more#cisa
#ai-security
Artificial intelligence
fromTechRepublic
3 days ago

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.
Information security
fromSecuritymagazine
2 days ago

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.
more#ai-security
Information security
fromIT Brew
8 hours ago

Asking around: When does ransomware threat intelligence become noise?

Effective threat intelligence requires filtering information relevant to specific market segments to avoid overwhelming alerts.
Privacy professionals
fromSecuritymagazine
2 days ago

The Privacy-Security Partnership: How We Bend Risk in a Resource Crunch

Fewer privacy practitioners feel confident in meeting laws, while resource shortages and compliance challenges increase stress in the field.
#data-breach
Privacy professionals
fromTheregister
3 days ago

Lovable denies data leak, cites 'intentional behavior'

Lovable's platform has a significant security flaw allowing free accounts to access sensitive user information, raising concerns about data protection.
more#data-breach
fromSecuritymagazine
1 day ago

Operationally Ineffective: Putting CVEs in a Chokehold with Privilege Disruption

A Common Vulnerability Exposure (CVE) that cannot reach the privilege plane is operationally ineffective - even at a CVSS Score of 10. This should be a core philosophy that is embedded into the fabric of software engineering.
Information security
Software development
fromInfoWorld
2 weeks ago

Internet Bug Bounty program hits pause on payouts

The Internet Bug Bounty program is pausing submissions for bug reports in open-source software to reassess its approach to security.
Information security
fromTechzine Global
1 day ago

Nextcloud ends bug bounty program due to too many low-quality reports

Nextcloud is ending its bug bounty program on HackerOne due to an influx of low-quality, AI-generated vulnerability reports.
Information security
fromTNW | Next-Featured
2 days ago

Lovable security crisis: 48 days of exposed projects, closed bug reports, & the structural failure of vibe coding security

Lovable's security incidents expose vulnerabilities in AI-generated code and highlight a market focus on growth over security.
Information security
fromTechRepublic
1 day ago

Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed

Over 1,300 internet-exposed Microsoft SharePoint servers remain unpatched against a spoofing flaw, CVE-2026-32201, posing significant security risks.
#openclaw
more#openclaw
Information security
fromDeveloper Tech News
1 day ago

Check Point: AI coding assistants are leaking API keys

AI coding assistants are unintentionally leaking sensitive internal data, including API keys, by ingesting entire workspaces without recognizing sensitive files.
Information security
fromSecurityWeek
1 day ago

Oracle Patches 450 Vulnerabilities With April 2026 CPU

Oracle released 481 new security patches in April 2026, addressing vulnerabilities across 28 product families, with many remotely exploitable without authentication.
#security
Information security
fromThe Hacker News
1 day ago

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

A critical vulnerability in the Terrarium Python sandbox allows arbitrary code execution with root privileges, rated 9.3 on the CVSS scale.
Information security
fromInfoWorld
1 day ago

Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core

Long-lived tokens in applications can be exploited by attackers to gain unauthorized access and issue legitimate tokens.
Information security
fromThe Hacker News
1 day ago

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

A critical vulnerability in the Terrarium Python sandbox allows arbitrary code execution with root privileges, rated 9.3 on the CVSS scale.
Information security
fromInfoWorld
1 day ago

Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core

Long-lived tokens in applications can be exploited by attackers to gain unauthorized access and issue legitimate tokens.
more#security
#microsoft
Information security
fromZero Day Initiative
1 week ago

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.
Information security
fromSecurityWeek
1 week ago

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.
Information security
fromArs Technica
1 day ago

Microsoft issues emergency update for macOS and Linux ASP.NET threat

Microsoft released an emergency patch for ASP.NET Core to fix a high-severity vulnerability allowing unauthenticated attackers to gain SYSTEM privileges.
Information security
fromSecurityWeek
1 week ago

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

Microsoft's Zero Day Quest 2026 awarded $2.3 million for discovering 80 high-impact vulnerabilities in cloud and AI services.
Information security
fromZero Day Initiative
1 week ago

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.
Information security
fromSecurityWeek
1 week ago

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.
more#microsoft
Information security
fromTechzine Global
1 day ago

As Mythos fixes Mozilla flaws, unauthorized access spells disaster

Firefox's Claude Mythos Preview addresses 271 vulnerabilities, but unauthorized access raises concerns about potential misuse by threat actors.
Information security
fromComputerWeekly.com
1 day ago

A tsunami of flaws: When frontier AI and Patch Tuesday collide | Computer Weekly

April 2025 Patch Tuesday update was the second-largest in history, addressing over 160 vulnerabilities, with AI tools potentially driving the increase.
Information security
fromSecuritymagazine
4 days ago

58% of Organizations Spend Over 10 Hours a Month Securing AI-generated Code

31% of organizations using AI-generated code spend 10 hours or less per month on validation and auditing, raising security concerns.
Information security
fromSecurityWeek
2 days ago

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Progress Software released patches for multiple vulnerabilities in MOVEit WAF and LoadMaster that could lead to remote code execution and command injection.
Information security
fromTechzine Global
3 days ago

Aikido Endpoint offers developers additional protection against supply chain attacks

Aikido Endpoint protects developers' endpoints from supply chain attacks by blocking high-risk installations before they reach the system.
Information security
fromDevOps.com
6 days ago

The Open Source Trap: Why Trust Isn't a Security Strategy - DevOps.com

The software supply chain is vulnerable due to reliance on under-resourced open source maintainers, requiring active organizational support for security.
#nist
more#nist
Information security
fromTheregister
6 days ago

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

CISA warns of a critical Apache ActiveMQ vulnerability requiring federal agencies to patch within two weeks to prevent exploitation.
Information security
fromSecurityWeek
6 days ago

ZionSiphon Malware Targets ICS in Water Facilities

ZionSiphon is a new malware targeting water treatment plants in Israel, designed to manipulate chlorine levels and pressure in these facilities.
Information security
fromSecurityWeek
1 week ago

Critical Marimo Flaw Exploited Hours After Public Disclosure

A critical vulnerability in Marimo was exploited within hours of its public disclosure, allowing unauthenticated remote code execution.
Information security
fromTheregister
1 month ago

CISA says n8n critical bug exploited in real-world attacks

CISA mandates immediate patching of CVE-2025-68613, a critical 9.9-severity remote code execution vulnerability in n8n workflow automation platform affecting over 103,000 users.
Information security
fromComputerWeekly.com
1 month ago

Vulnerability reports: Increase in quantity, decrease in quality? | Computer Weekly

Bug bounty programs face sustainability challenges due to increased low-quality submissions, prompting cURL founder Daniel Stenberg to shut down his HackerOne program and switch to GitHub for vulnerability reporting.
Information security
fromThe Hacker News
1 month ago

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

Teams must reduce unnecessary internet-facing exposure to minimize vulnerability exploitation risk, as time-to-exploit windows are shrinking to hours or minutes.
Information security
fromZero Day Initiative
1 month ago

Zero Day Initiative - The March 2026 Security Update Review

Adobe released eight bulletins in March 2026 addressing 80 CVEs across multiple products, with critical patches for Acrobat Reader, Substance 3D Stager, and Premiere Pro focusing on arbitrary code execution vulnerabilities.
Information security
fromTheregister
2 months ago

Vulnerability exploits now dominate intrusions

Exploit of disclosed vulnerabilities now causes most intrusions, with attackers weaponizing new flaws within hours while many organizations patch slowly.
Information security
fromDroids On Roids
2 months ago

When ZeroWidth Isn't Zero: How I Found and Fixed a Vulnerability | Blog

Unicode Variation Selectors can inflate UTF-16 storage size while still passing perceived-length checks, enabling payload injection, performance issues, and possible database crashes.
#beyondtrust
more#beyondtrust
Information security
fromThe Hacker News
2 months ago

Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released

Two critical code-injection vulnerabilities (CVE-2026-1281 and CVE-2026-1340) enable unauthenticated remote code execution in Ivanti EPMM, exploited in zero-day attacks.
fromTheregister
2 months ago

CISA gives feds 3 days to patch actively exploited Dell bug

Uncle Sam's cyber defenders have given federal agencies just three days to patch a maximum-severity Dell bug that's been under active exploitation since at least mid-2024. CISA this week added the flaw, tracked as CVE-2026-22769, to its Known Exploited Vulnerabilities catalog, ordering civilian agencies to secure affected systems by February 21 - giving them just three days to get fixes in place.
Information security
[ Load more ]