Posted on Cloud Security Identity & Governance Security Operations Vulnerability Intelligence

KISA Issues Security Advisory for Critical Out-of-Bounds Write Vulnerability in Palo Alto Networks PAN-OS

Palo Alto Networks has released critical security updates addressing CVE-2026-0300, an out-of-bounds write vulnerability in its PAN-OS software. Affecting versions 10.2 through 12.1, the flaw poses significant risks to network infrastructure security. The Korea Internet & Security Agency (KISA) strongly recommends that organizations apply the specific hotfixes and maintenance releases provided to mitigate potential exploitation risks. Read more

Posted on Cloud Security Incidents & Breaches Security Operations Vulnerability Intelligence

Cisco Unity Connection Security Update Addresses Critical Path Traversal and SSRF Vulnerabilities

Cisco has released critical security patches for Cisco Unity Connection to address vulnerabilities including Path Traversal (CVE-2026-20034) and Server-Side Request Forgery (CVE-2026-20035). These flaws affect versions 12.5 through 15.0, potentially allowing unauthorized system access. Organizations are advised to upgrade to version 15SU4 or 14SU5 to mitigate these infrastructure risks. Read more

Posted on AI Security Cloud Security Incidents & Breaches Vulnerability Intelligence

Ollama Issues Security Update to Patch Critical Out-of-Bounds Read Vulnerability

Ollama has released a critical security update to address CVE-2026-7482, an out-of-bounds read vulnerability. KISA has issued an advisory recommending that users upgrade to version 0.17.1 or higher. The flaw could allow unauthorized memory access, necessitating immediate patching or temporary mitigation by restricting external API access and rotating keys. Read more

Posted on Cloud Security Incidents & Breaches Security Operations Vulnerability Intelligence

cPanel and WP Squared Address Critical Security Vulnerabilities in Global Update

cPanel has released urgent security updates for cPanel & WHM and WP Squared to address three critical vulnerabilities: improper input validation, code injection, and symbolic link following. These flaws affect numerous legacy and current versions, potentially allowing unauthorized system access. Administrators should immediately verify their software versions and apply the recommended patches to mitigate the risk of server compromise. Read more

Posted on Cloud Security Incidents & Breaches Security Operations Vulnerability Intelligence

Oracle Releases Critical Patch Update Addressing 481 Vulnerabilities Across Java and Enterprise Suites

Oracle has issued its April 2026 Critical Patch Update, delivering 481 security fixes across its product portfolio. The update addresses several high-risk vulnerabilities in Java SE and GraalVM, some of which allow unauthenticated network-based attacks. Organizations are urged to apply these patches immediately to mitigate risks of unauthorized code execution and service disruptions. Read more

Posted on AI Security Cloud Security Incidents & Breaches Vulnerability Intelligence

Exploiting Human Logic: The Rise of ‘MFA Fatigue’ and Password Manager Social Engineering

Modern cyber threats are shifting focus from breaking encryption to manipulating user behavior through psychological fatigue. New tactics target the friction between automated security tools and manual user intervention, specifically exploiting the 'MFA fatigue' phenomenon and the warning dialogs of password managers to trick users into authorizing unauthorized access or bypassing domain-matching security protocols. Read more

Posted on Cloud Security Incidents & Breaches Security Operations Vulnerability Intelligence

Critical Microsoft ASP.NET Core Vulnerability Enables System Privilege Escalation

Microsoft has released urgent security updates for ASP.NET Core to address CVE-2026-40372, a critical elevation of privilege vulnerability. Flaws in cryptographic signature validation allow unauthenticated attackers to forge authentication cookies and gain SYSTEM-level access. The vulnerability primarily impacts non-Windows environments using the Data Protection package, requiring immediate patching of affected container and server deployments. Read more

Posted on AI Security Cloud Security Security Operations Vulnerability Intelligence

CrowdStrike Launches Project QuiltWorks to Counter AI-Driven Vulnerability Discovery

CrowdStrike has established Project QuiltWorks, an industry-wide coalition including OpenAI and IBM, to address the rapid discovery of software vulnerabilities by generative AI. The initiative integrates expert-led red teaming with frontier AI models to help organizations prioritize and remediate risks faster than automated exploitation tools can identify them, moving beyond traditional periodic security scanning. Read more

Posted on Cloud Security Incidents & Breaches Security Operations Vulnerability Intelligence

CISA Expands KEV Catalog with ScreenConnect Path Traversal and Windows Shell Spoofing Vulnerabilities

CISA has added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: a high-severity path traversal flaw in ConnectWise ScreenConnect and a Windows Shell spoofing vulnerability. Both flaws have confirmed active exploitation in the wild, requiring federal agencies and private organizations to prioritize patching to prevent unauthorized remote access and network-based identity spoofing. Read more

Posted on AI Infrastructure Risk Identity & Governance Vulnerability Intelligence

Google Patches Critical Remote Code Execution Vulnerability in Android Wireless ADB

Google has addressed a high-severity security flaw (CVE-2026-0073) in the wireless Android Debug Bridge (ADB) functionality. Affecting Android 14 and newer versions, the vulnerability allows nearby attackers to bypass authentication and execute code with shell privileges. Users should ensure their devices are updated to the May 2026 security patch level to mitigate risk. Read more