security update
Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197)
In the latest demonstration of how AI assistants can help with bug hunting, Horizon3.ai researcher Naveen Sunkavally used Claude to unearth CVE-2026-34197, a remote code …
Flatpak 1.16.4 fixes sandbox escape and three other security flaws
Flatpak, a Linux application sandboxing and distribution framework, released version 1.16.4, patching four security vulnerabilities. The most severe fix addresses a complete …
OpenSSL 3.6.2 lands with eight CVE fixes
OpenSSL 3.6.2 patches eight CVEs across a range of components. The project rates the most severe issue in the release as Moderate. What got fixed: The release fixes incorrect …
Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093)
Cisco has fixed ten vulnerabilities affecting its Integrated Management Controller (IMC), the most critical of which (CVE-2026-20093) could allow an unauthenticated, remote …
DarkSword exploit forces Apple to loosen its patching policy
Apple has extended security updates to a wider range of devices still running iOS 18, aiming to protect users from the DarkSword exploit kit. This is not the first time Apple …
Apple counters ClickFix attacks with macOS Terminal warning
Apple has added a new security feature in macOS Tahoe 26.4 that warns users before they enter commands in Terminal that could cause harm. The goal is to stop ClickFix attacks, …
Microsoft patches 80+ vulnerabilities, six flagged as “more likely” to be exploited
On March 2026 Patch Tuesday, Microsoft addressed 80+ vulnerabilities affecting its software and cloud services. Of these, two were publicly disclosed, but not actively …
FreeScout vulnerability enables unauthenticated, zero-click RCE via email (CVE-2026-28289)
A newly discovered vulnerability (CVE-2026-28289) in the open-source help desk platform FreeScout could allow attackers to take over vulnerable servers by sending a specially …
Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500)
A critical RCE vulnerability (CVE-2025-14500) in IceWarp, an EU-made business communication and collaboration platform, may be exploited by attackers to gain unauthorized …
Android’s March 2026 security patch fixes over 100 flaws, one under targeted exploitation
The Android March 2026 security patch addresses vulnerabilities across dozens of components and includes one CVE confirmed under active exploitation. Devices running a patch …
Bug in widely used VoIP phones allows stealthy network footholds, call interception (CVE-2026-2329)
A critical security vulnerability (CVE-2026-2329) in Grandstream VoIP phones could let hackers remotely take full control of the devices and even intercept calls, Rapid7 …
SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP!
SolarWinds has fixed six critical and high-severity vulnerabilities in its popular Web Help Desk (WHD) support ticketing and asset management solution, and is urging customers …