Vulnerability Intelligence Archives - Page 19 of 22

CISA Expands KEV Catalog with ScreenConnect Path Traversal and Windows Shell Spoofing Vulnerabilities

CISA has added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: a high-severity path traversal flaw in ConnectWise ScreenConnect and a Windows Shell spoofing vulnerability. Both flaws have confirmed active exploitation in the wild, requiring federal agencies and private organizations to prioritize patching to prevent unauthorized remote access and network-based identity spoofing. Read more

May 13, 2026May 13, 2026 AI Infrastructure Risk Identity & Governance Vulnerability Intelligence

Google Patches Critical Remote Code Execution Vulnerability in Android Wireless ADB

Google has addressed a high-severity security flaw (CVE-2026-0073) in the wireless Android Debug Bridge (ADB) functionality. Affecting Android 14 and newer versions, the vulnerability allows nearby attackers to bypass authentication and execute code with shell privileges. Users should ensure their devices are updated to the May 2026 security patch level to mitigate risk. Read more

May 13, 2026 AI Infrastructure Risk Identity & Governance Vulnerability Intelligence

Convergence of Human and System Vulnerabilities: Analyzing ‘Copy Fail’ and Recent Japanese Security Breaches

Recent high-profile security incidents involving Hatena and Money Forward, combined with the discovery of the 'Copy Fail' Linux kernel vulnerability (CVE-2026-31431), highlight a dangerous trend where attackers combine social engineering with local system exploits to bypass traditional network defenses. Read more

May 13, 2026 AI Infrastructure Risk AI Security Cloud Security Vulnerability Intelligence

Google Identifies AI-Generated Zero-Day Exploits and Autonomous Malware Operations

Google's Threat Intelligence Group (GTIG) has revealed that state-sponsored actors from China, North Korea, and Russia are increasingly integrating generative AI to discover zero-day vulnerabilities, automate malware generation, and conduct large-scale disinformation campaigns. Read more

May 13, 2026May 13, 2026 AI Infrastructure Risk AI Security Cloud Security Vulnerability Intelligence

Google Identifies First Cases of AI-Driven Zero-Day Exploitation by Threat Actors

Google's Threat Intelligence Group (GTIG) has reported the first observed instances of hackers using AI to discover zero-day vulnerabilities and generate exploit tools for large-scale attacks. The activity involved several notorious hacking groups collaborating to bypass two-factor authentication (2FA) in open-source network management tools. Read more

May 13, 2026 Cloud Security Identity & Governance Incidents & Breaches Vulnerability Intelligence

SAP Patches Critical Vulnerabilities in S/4HANA and Commerce Cloud with CVSS 9.6 Ratings

SAP has released its May 2026 security updates, addressing 15 vulnerabilities including two critical flaws in S/4HANA and Commerce Cloud that could lead to unauthorized data access and remote code execution. Read more

May 13, 2026 AI Infrastructure Risk Identity & Governance Vulnerability Intelligence

Taiwan CERT warns of critical pre-auth RCE flaw in EHG2408 industrial switch firmware (CVE-2026-3823)

TWCERT/CC published a TVN advisory for a critical stack-based buffer overflow in ShangShang Technology’s EHG2408 series Ethernet switches. The flaw (CVE-2026-3823, CVSS 9.8) is reachable over the network without authentication and could allow remote attackers to hijack execution flow and run arbitrary code. Affected users are advised to upgrade to firmware v3.36 or later. Read more

May 13, 2026 AI Infrastructure Risk Identity & Governance Incidents & Breaches Vulnerability Intelligence

TWCERT warns of brute-force protection bypass in D-Link DWM-222W Wi‑Fi 6 USB modem; firmware update available

Taiwan’s TWCERT/CC published a high-severity vulnerability notice for the D-Link DWM-222W Wi‑Fi 6 USB mobile network adapter/modem. The issue allows an unauthenticated attacker on the same network domain to bypass login attempt limits, enabling brute-force attempts that could lead to device control. D-Link firmware 1.02.00 and later is listed as the fix. Read more

May 13, 2026 Cloud Security Identity & Governance Incidents & Breaches Vulnerability Intelligence

Taiwan CERT warns of three vulnerabilities in WeiQiao Information SSO and electronic directory system, including critical unauthenticated LFI (CVE-2026-3826)

TWCERT/CC disclosed three vulnerabilities affecting WeiQiao Information’s “Single Sign-On and Electronic Directory Service System” (單一簽入暨電子目錄服務系統). Two medium-severity issues are open redirect (CVE-2026-3824) and reflected XSS (CVE-2026-3825), both described as exploitable by authenticated remote attackers via user interaction. A critical issue, CVE-2026-3826 (CVSS 9.8), is a local file inclusion flaw described as exploitable by an unauthenticated remote attacker and could enable server-side arbitrary code execution. TWCERT/CC recommends upgrading to IFTOP_P4_181 or later; versions before IFTOP_P4_181 are affected. Read more

May 13, 2026 AI Infrastructure Risk Identity & Governance Incidents & Breaches Vulnerability Intelligence

Taiwan CERT warns of two local privilege escalation flaws in AVACAST for Windows (CVE-2026-7279, CVE-2026-7280)

TWCERT/CC published a Taiwan Vulnerability Note (TVN-202604011) detailing two vulnerabilities affecting Herlin Digital Technology’s AVACAST for Windows versions 5.10.10.43 and earlier. The issues—DLL hijacking (CVE-2026-7279, CVSS 7.8 High) and an unquoted service path (CVE-2026-7280, CVSS 6.7 Medium)—could allow authenticated local attackers (and in the second case, a local admin) to execute code with SYSTEM privileges. TWCERT/CC recommends updating to AVACAST 5.10.10.45 or later. Read more