Home » Tags

Vulnerability

Claude's New AI Vulnerability Scanner Sends Cybersecurity Shares Plunging

Claude's New AI Vulnerability Scanner Sends Cybersecurity Shares Plunging

• The stocks of major cybersecurity companies have fallen sharply after AI firm Anthropic unveiled a new security capability for its Claude LLM.Anthropic announced on Friday that i

Cybersecurity · February 25, 2026 (updated February 25, 2026) · 2 min · 383 words
Open Redirects: A Forgotten Vulnerability?, (Tue, Feb 24th)

Open Redirects: A Forgotten Vulnerability?, (Tue, Feb 24th)

• Open Redirects: A Forgotten Vulnerability? • In 2010, OWASP added ‘Unvalidated Redirects and Forwards’ to its Top 10 list and merged it into ‘Sensitive Data Exposure’ in 2013 [ow

Cybersecurity · February 24, 2026 (updated February 25, 2026) · 2 min · 287 words
VMware Aria Operations Vulnerability Could Allow Remote Code Execution

VMware Aria Operations Vulnerability Could Allow Remote Code Execution

• Broadcom has released patches for several vulnerabilities affecting VMware Aria Operations, including high-severity flaws.The most important of the newly patched vulnerabilities

Cybersecurity · February 24, 2026 (updated February 25, 2026) · 2 min · 375 words
HCP Packer adds SBOM vulnerability scanning

HCP Packer adds SBOM vulnerability scanning

• HCP Packer adds SBOM vulnerability scanning Mitchell Ross HCP Risk & compliance Packer Feb 17, 2026 Mitchell Ross Share article Twitter share LinkedIn share Facebook share Copy U

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning

• Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Clau

Cybersecurity · February 21, 2026 (updated February 25, 2026) · 2 min · 290 words
In Other News: Ransomware Shuts US Clinics, ICS Vulnerability Surge, European Parliament Bans AI

In Other News: Ransomware Shuts US Clinics, ICS Vulnerability Surge, European Parliament Bans AI

• SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.We provide a valuable summary of stories th

Cybersecurity · February 20, 2026 (updated February 24, 2026) · 2 min · 405 words
VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)

VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)

• Executive Summary On Feb. • 6, 2026, BeyondTrust released a security advisory regarding CVE-2026-1731. • BeyondTrust is an identity and access management platform. • This specifi

Cybersecurity · February 19, 2026 (updated February 25, 2026) · 2 min · 379 words
AI agents are accelerating vulnerability discovery. Here's how AppSec teams must adapt.

AI agents are accelerating vulnerability discovery. Here's how AppSec teams must adapt.

• We’re so glad you’re here. • You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game. • Check

ZDI-26-111: MLflow Use of Default Password Authentication Bypass Vulnerability

ZDI-26-111: MLflow Use of Default Password Authentication Bypass Vulnerability

• Advisory Details MLflow Use of Default Password Authentication Bypass Vulnerability ZDI-26-111ZDI-CAN-28256 This vulnerability allows remote attackers to bypass authentication on

Threat Intelligence · February 19, 2026 (updated February 25, 2026) · 2 min · 214 words
ZDI-26-120: GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-26-120: GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

• Remote attackers can execute arbitrary code via GIMP ICNS file parsing. • Exploit requires user interaction: opening malicious file or visiting malicious page. • Vulnerability du

Threat Intelligence · February 19, 2026 (updated February 24, 2026) · 1 min · 158 words
HCP Packer adds SBOM vulnerability scanning

HCP Packer adds SBOM vulnerability scanning

• HCP Packer adds SBOM vulnerability scanning Mitchell Ross HCP Risk & compliance Packer Feb 17, 2026 Mitchell Ross Share article Twitter share LinkedIn share Facebook share Copy U

National analysis maps German hospital vulnerability to flood-driven traffic disruptions

• Due to climate change, extreme weather events such as flooding are expected to increase in Germany in the future. • This poses hidden risks to the health care system that have ha

Science · February 18, 2026 (updated February 24, 2026) · 1 min · 59 words

Checkmarx Extends Vulnerability Detection to AI Coding Tool from AWS

• Checkmarx this week revealed it has added support for the Kiro artificial intelligence (AI) coding tool provided by Amazon Web Services (AWS) to its Checkmarx Developer Assist th

Telegram channels expose rapid weaponization of SmarterMail flaws

Telegram channels expose rapid weaponization of SmarterMail flaws

• SmarterMail CVE-2026-24423 and CVE-2026-23760 enable remote code execution and auth bypass. • Attackers weaponized these flaws within days of disclosure, sharing exploits on Tele

Cybersecurity · February 18, 2026 (updated February 24, 2026) · 2 min · 246 words
Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration

Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration

• 16 critical, high, and medium‑severity vulnerabilities found in Foxit and Apryse PDF platforms. • Flaws include DOM XSS, SSRF, path traversal, and OS command injection. • Attacke

Cybersecurity · February 18, 2026 (updated February 24, 2026) · 1 min · 175 words
ZDI-26-107: Autodesk AutoCAD MODEL File Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-26-107: Autodesk AutoCAD MODEL File Out-Of-Bounds Write Remote Code Execution Vulnerability

• Remote code execution via out-of-bounds write in AutoCAD MODEL file parsing. • Requires user to open malicious file or visit malicious page. • Exploit writes past allocated buffe

Threat Intelligence · February 18, 2026 (updated February 24, 2026) · 3 min · 565 words
VulnCheck Raises $25 Million in Series B Funding to Scale Vulnerability Intelligence

VulnCheck Raises $25 Million in Series B Funding to Scale Vulnerability Intelligence

• Vulnerability intelligence company VulnCheck announced on Tuesday that it has raised $25 million to meet demand for its solutions.The Series B funding round, which brings the tot

Cybersecurity · February 17, 2026 (updated February 24, 2026) · 2 min · 371 words
Reduce Vulnerability Noise with VEX: Wiz + Docker Hardened Images

Reduce Vulnerability Noise with VEX: Wiz + Docker Hardened Images

• Reduce Vulnerability Noise with VEX: Wiz + Docker Hardened Images Open source components power most modern applications. • A new generation of hardened container images can estab

Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529

• CVE-2024-54529: type confusion in CoreAudio’s com.apple.audio.audiohald Mach service, causing crashes. • Exploitation involved manipulating Mach messages to fetch wrong HALS_Obje

Threat Intelligence · January 30, 2026 (updated February 24, 2026) · 1 min · 173 words
Microsoft releases update to address zero-day vulnerability in Microsoft Office

Microsoft releases update to address zero-day vulnerability in Microsoft Office

• Microsoft releases update to address zero-day vulnerability in Microsoft Office Microsoft has published three out-of-band (OOB) updates so far in January 2026. • One of these upd

Threat Intelligence · January 29, 2026 (updated February 24, 2026) · 2 min · 226 words
Foxit, Epic Games Store, MedDreams vulnerabilities

Foxit, Epic Games Store, MedDreams vulnerabilities

• Cisco Talos uncovered 25 critical vulnerabilities across Foxit PDF Editor, Epic Games Store, and MedDreams PACS. • Foxit PDF Editor had privilege escalation via Microsoft Store i

Threat Intelligence · January 22, 2026 (updated February 24, 2026) · 1 min · 194 words
How we mitigated a vulnerability in Cloudflare's ACME validation logic

How we mitigated a vulnerability in Cloudflare's ACME validation logic

• How we mitigated a vulnerability in Cloudflareâ s ACME validation logic 2026-01-19 Hrushikesh Deshpande Andrew Mitchell Leland Garofalo This post was updated on January 20, 2026.

Engineering Blogs · January 19, 2026 (updated February 25, 2026) · 2 min · 265 words
Threat Brief: MongoDB Vulnerability (CVE-2025-14847)

Threat Brief: MongoDB Vulnerability (CVE-2025-14847)

• Executive Summary On Dec. • 19, 2025, MongoDB publicly disclosed MongoBleed, a security vulnerability (CVE-2025-14847) that allows unauthenticated attackers to leak sensitive hea

Cybersecurity · January 13, 2026 (updated February 24, 2026) · 2 min · 242 words
No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480

No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480

• No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 Mandiant Written by: Stallone D’Souza, Praveeth DSouza, Bill Glynn, Kevin O’Flynn,

Threat Intelligence · November 10, 2025 (updated February 24, 2026) · 2 min · 277 words

Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider

• Ransomware actors target unpatched SimpleHelp RMM to breach utility billing software provider customers. • Vulnerability CVE-2024-57727, a path traversal flaw, exploited in Simpl

Cybersecurity · June 12, 2025 (updated February 24, 2026) · 1 min · 160 words
The threat from commercial cyber proliferation

The threat from commercial cyber proliferation

• Commercial software proliferation expands attack surface, increasing vulnerability exposure across enterprises. • Open-source components in commercial stacks introduce hidden bac