Lucene search
K

68 matches found

The Hacker News
The Hacker News
added 2026/06/10 9:38 a.m.18 views

Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This includes 63...

9.8CVSS7.3AI score0.48438EPSS
Exploits5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-48238

21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-48236

21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48240

21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...

6.1AI score
Exploits0References1
The Hacker News
The Hacker News
added 2026/04/08 9:16 a.m.11 views

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Artificial Intelligence AI company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos , to find and address security vulnerabilities. The model will be used by a small set of organizations, including...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/11 10:47 a.m.7 views

March 2026 Patch Tuesday fixes two zero-day vulnerabilities

Microsoft releases important security updates on the second Tuesday of every month, known as Patch Tuesday. This month’s update fixes 79 Microsoft CVEs including two zero-day vulnerabilities. Microsoft defines a zero-day as “a flaw in software for which no official patch or security update is...

8.8CVSS6.3AI score0.02049EPSS
Exploits0
HackRead
HackRead
added 2026/02/23 5:27 p.m.7 views

Multiple Zero-Day Flaws in PDF Platforms Enable XSS and One-Click Attacks

16 zero-day security flaws found in Foxit and Apryse PDF platforms could lead to account takeover and RCE. Learn how AI identified these risks...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/18 12:3 p.m.11 views

AI Found Twelve New Vulnerabilities in OpenSSL

The title of the post is"What AI Security Research Looks Like When It Works," and I agree: In the latest OpenSSL security release on January 27, 2026, twelve new zero-day vulnerabilities meaning unknown to the maintainers at time of disclosure were announced. Our AI system is responsible for the...

9.8CVSS5.8AI score0.47621EPSS
Exploits7
HackRead
HackRead
added 2026/02/02 3:19 p.m.9 views

Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack

Ivanti has disclosed two critical remote code execution RCE flaws CVE-2026-1281 & CVE-2026-1340 in its EPMM software...

9.8CVSS6.3AI score0.8404EPSS
Exploits6
The Hacker News
The Hacker News
added 2026/01/30 4:43 a.m.12 views

Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released

Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile EPMM that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency CISA to its Known Exploited Vulnerabilities KEV...

9.8CVSS8.1AI score0.8404EPSS
Exploits6
The Hacker News
The Hacker News
added 2025/12/11 7:9 a.m.30 views

Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw

Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID "466192044." Unlike other...

9.8CVSS8.2AI score0.22359EPSS
Exploits26
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.8 views

PT-2025-46143

Name of the Vulnerable Software and Affected Versions HBS 3 Hybrid Backup Sync versions prior to 26.2.0.938 Description An external control of file name or path issue exists in HBS 3 Hybrid Backup Sync. An attacker with local network access can potentially read or modify files and directories...

7.8CVSS7.6AI score0.00223EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.6 views

PT-2025-46139

Name of the Vulnerable Software and Affected Versions Malware Remover versions prior to 6.6.8.20251023 Description Improper control of code generation allows remote attackers to perform code injection, leading to remote code execution and the ability to bypass protection mechanisms. Recommendatio...

9.8CVSS7.9AI score0.01437EPSS
Exploits0References18
HackRead
HackRead
added 2025/10/02 2:5 p.m.5 views

$20 YoLink IoT Gateway Vulnerabilities Put Home Security at Risk

Four critical zero-day flaws found in the $20 YoLink Smart Hub allow remote physical access, threatening your home security. See the urgent steps you must take now...

6.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/09/23 12:0 a.m.5 views

PT-2025-39212

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.34 Description Chamilo is a learning management system. A Cross-Site Request Forgery CSRF issue allows an attacker to delete projects within a course without the victim’s consent. Sensitive actions, such as proje...

8.1CVSS5.8AI score0.00151EPSS
Exploits0References5
Krebs on Security
Krebs on Security
added 2025/05/14 11:57 a.m.38 views

Patch Tuesday, May 2025 Edition

Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month's patch batch from Redmond are fixes for two other weaknesse...

7.8CVSS8AI score0.21562EPSS
Exploits11
The Hacker News
The Hacker News
added 2025/01/15 5:15 a.m.24 views

3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update

Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical and 149 are rated Important in severity. One other flaw, a...

9.8CVSS10AI score0.80912EPSS
Exploits12
The Hacker News
The Hacker News
added 2024/07/17 8:47 a.m.42 views

China-linked APT17 Targets Italian Companies with 9002 RAT Malware

A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis...

9.3CVSS7.3AI score0.8593EPSS
Exploits18
The Hacker News
The Hacker News
added 2024/05/24 4:30 p.m.34 views

Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack

The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure ICS involved the threat actor creating rogue virtual machines VMs within its VMware environment. "The adversary created...

9.1CVSS10AI score0.99999EPSS
Exploits23
The Hacker News
The Hacker News
added 2024/03/28 4:50 p.m.41 views

Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack

The Police of Finland aka Poliisi has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber attack targeting the country's Parliament in 2020. The intrusion, per the authorities, is said to have occurred between fall 2020 and early 2021. The agency described the...

7.1AI score
Exploits0
Rows per page
Query Builder