https://cluster-site.onrender.com/tags/vulnerability/ Recent content in Vulnerability on Tenu Tech Brief Hugo -- 0.146.0 en-us Wed, 25 Feb 2026 09:56:00 +0000 https://cluster-site.onrender.com/posts/claudes-new-ai-vulnerability-scanner-sends-cybersecurity-shares-plunging/ Wed, 25 Feb 2026 09:44:02 +0000 https://cluster-site.onrender.com/posts/claudes-new-ai-vulnerability-scanner-sends-cybersecurity-shares-plunging/ • The stocks of major cybersecurity companies have fallen sharply after AI firm Anthropic unveiled a new security capability for its Claude LLM.Anthropic announced on Friday that i https://cluster-site.onrender.com/posts/open-redirects-a-forgotten-vulnerability%23x3f-tue-feb-24th/ Tue, 24 Feb 2026 18:04:01 +0000 https://cluster-site.onrender.com/posts/open-redirects-a-forgotten-vulnerability%23x3f-tue-feb-24th/ • Open Redirects: A Forgotten Vulnerability? • In 2010, OWASP added ‘Unvalidated Redirects and Forwards’ to its Top 10 list and merged it into ‘Sensitive Data Exposure’ in 2013 [ow https://cluster-site.onrender.com/posts/vmware-aria-operations-vulnerability-could-allow-remote-code-execution/ Tue, 24 Feb 2026 14:30:00 +0000 https://cluster-site.onrender.com/posts/vmware-aria-operations-vulnerability-could-allow-remote-code-execution/ • Broadcom has released patches for several vulnerabilities affecting VMware Aria Operations, including high-severity flaws.The most important of the newly patched vulnerabilities https://cluster-site.onrender.com/posts/hcp-packer-adds-sbom-vulnerability-scanning/ Tue, 24 Feb 2026 00:31:29 +0000 https://cluster-site.onrender.com/posts/hcp-packer-adds-sbom-vulnerability-scanning/ • HCP Packer adds SBOM vulnerability scanning Mitchell Ross HCP Risk & compliance Packer Feb 17, 2026 Mitchell Ross Share article Twitter share LinkedIn share Facebook share Copy U https://cluster-site.onrender.com/posts/anthropic-launches-claude-code-security-for-ai-powered-vulnerability-scanning/ Sat, 21 Feb 2026 07:58:00 +0000 https://cluster-site.onrender.com/posts/anthropic-launches-claude-code-security-for-ai-powered-vulnerability-scanning/ • Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Clau https://cluster-site.onrender.com/posts/in-other-news-ransomware-shuts-us-clinics-ics-vulnerability-surge-european-parliament-bans-ai/ Fri, 20 Feb 2026 15:30:00 +0000 https://cluster-site.onrender.com/posts/in-other-news-ransomware-shuts-us-clinics-ics-vulnerability-surge-european-parliament-bans-ai/ • SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.We provide a valuable summary of stories th https://cluster-site.onrender.com/posts/vshell-and-sparkrat-observed-in-exploitation-of-beyondtrust-critical-vulnerability-cve-2026-1731/ Thu, 19 Feb 2026 23:00:55 +0000 https://cluster-site.onrender.com/posts/vshell-and-sparkrat-observed-in-exploitation-of-beyondtrust-critical-vulnerability-cve-2026-1731/ • Executive Summary On Feb. • 6, 2026, BeyondTrust released a security advisory regarding CVE-2026-1731. • BeyondTrust is an identity and access management platform. • This specifi https://cluster-site.onrender.com/posts/ai-agents-are-accelerating-vulnerability-discovery.-heres-how-appsec-teams-must-adapt./ Thu, 19 Feb 2026 21:31:08 +0000 https://cluster-site.onrender.com/posts/ai-agents-are-accelerating-vulnerability-discovery.-heres-how-appsec-teams-must-adapt./ • We’re so glad you’re here. • You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game. • Check https://cluster-site.onrender.com/posts/zdi-26-111-mlflow-use-of-default-password-authentication-bypass-vulnerability/ Thu, 19 Feb 2026 06:00:00 +0000 https://cluster-site.onrender.com/posts/zdi-26-111-mlflow-use-of-default-password-authentication-bypass-vulnerability/ • Advisory Details MLflow Use of Default Password Authentication Bypass Vulnerability ZDI-26-111ZDI-CAN-28256 This vulnerability allows remote attackers to bypass authentication on https://cluster-site.onrender.com/posts/zdi-26-120-gimp-icns-file-parsing-heap-based-buffer-overflow-remote-code-execution-vulnerability/ Thu, 19 Feb 2026 06:00:00 +0000 https://cluster-site.onrender.com/posts/zdi-26-120-gimp-icns-file-parsing-heap-based-buffer-overflow-remote-code-execution-vulnerability/ • Remote attackers can execute arbitrary code via GIMP ICNS file parsing. • Exploit requires user interaction: opening malicious file or visiting malicious page. • Vulnerability du https://cluster-site.onrender.com/posts/hcp-packer-adds-sbom-vulnerability-scanning/ Thu, 19 Feb 2026 00:46:11 +0000 https://cluster-site.onrender.com/posts/hcp-packer-adds-sbom-vulnerability-scanning/ • HCP Packer adds SBOM vulnerability scanning Mitchell Ross HCP Risk & compliance Packer Feb 17, 2026 Mitchell Ross Share article Twitter share LinkedIn share Facebook share Copy U https://cluster-site.onrender.com/posts/national-analysis-maps-german-hospital-vulnerability-to-flood-driven-traffic-disruptions/ Wed, 18 Feb 2026 22:30:01 +0000 https://cluster-site.onrender.com/posts/national-analysis-maps-german-hospital-vulnerability-to-flood-driven-traffic-disruptions/ • Due to climate change, extreme weather events such as flooding are expected to increase in Germany in the future. • This poses hidden risks to the health care system that have ha https://cluster-site.onrender.com/posts/checkmarx-extends-vulnerability-detection-to-ai-coding-tool-from-aws/ Wed, 18 Feb 2026 22:15:12 +0000 https://cluster-site.onrender.com/posts/checkmarx-extends-vulnerability-detection-to-ai-coding-tool-from-aws/ • Checkmarx this week revealed it has added support for the Kiro artificial intelligence (AI) coding tool provided by Amazon Web Services (AWS) to its Checkmarx Developer Assist th https://cluster-site.onrender.com/posts/telegram-channels-expose-rapid-weaponization-of-smartermail-flaws/ Wed, 18 Feb 2026 16:27:38 +0000 https://cluster-site.onrender.com/posts/telegram-channels-expose-rapid-weaponization-of-smartermail-flaws/ • SmarterMail CVE-2026-24423 and CVE-2026-23760 enable remote code execution and auth bypass. • Attackers weaponized these flaws within days of disclosure, sharing exploits on Tele https://cluster-site.onrender.com/posts/vulnerabilities-in-popular-pdf-platforms-allowed-account-takeover-data-exfiltration/ Wed, 18 Feb 2026 13:16:19 +0000 https://cluster-site.onrender.com/posts/vulnerabilities-in-popular-pdf-platforms-allowed-account-takeover-data-exfiltration/ • 16 critical, high, and medium‑severity vulnerabilities found in Foxit and Apryse PDF platforms. • Flaws include DOM XSS, SSRF, path traversal, and OS command injection. • Attacke https://cluster-site.onrender.com/posts/zdi-26-107-autodesk-autocad-model-file-out-of-bounds-write-remote-code-execution-vulnerability/ Wed, 18 Feb 2026 06:00:00 +0000 https://cluster-site.onrender.com/posts/zdi-26-107-autodesk-autocad-model-file-out-of-bounds-write-remote-code-execution-vulnerability/ • Remote code execution via out-of-bounds write in AutoCAD MODEL file parsing. • Requires user to open malicious file or visit malicious page. • Exploit writes past allocated buffe https://cluster-site.onrender.com/posts/vulncheck-raises-25-million-in-series-b-funding-to-scale-vulnerability-intelligence/ Tue, 17 Feb 2026 16:00:04 +0000 https://cluster-site.onrender.com/posts/vulncheck-raises-25-million-in-series-b-funding-to-scale-vulnerability-intelligence/ • Vulnerability intelligence company VulnCheck announced on Tuesday that it has raised $25 million to meet demand for its solutions.The Series B funding round, which brings the tot https://cluster-site.onrender.com/posts/reduce-vulnerability-noise-with-vex-wiz--docker-hardened-images/ Thu, 05 Feb 2026 23:25:55 +0000 https://cluster-site.onrender.com/posts/reduce-vulnerability-noise-with-vex-wiz--docker-hardened-images/ • Reduce Vulnerability Noise with VEX: Wiz + Docker Hardened Images Open source components power most modern applications. • A new generation of hardened container images can estab https://cluster-site.onrender.com/posts/breaking-the-sound-barrier-part-ii-exploiting-cve-2024-54529/ Fri, 30 Jan 2026 08:00:00 +0000 https://cluster-site.onrender.com/posts/breaking-the-sound-barrier-part-ii-exploiting-cve-2024-54529/ • CVE-2024-54529: type confusion in CoreAudio’s com.apple.audio.audiohald Mach service, causing crashes. • Exploitation involved manipulating Mach messages to fetch wrong HALS_Obje https://cluster-site.onrender.com/posts/microsoft-releases-update-to-address-zero-day-vulnerability-in-microsoft-office/ Thu, 29 Jan 2026 14:43:54 +0000 https://cluster-site.onrender.com/posts/microsoft-releases-update-to-address-zero-day-vulnerability-in-microsoft-office/ • Microsoft releases update to address zero-day vulnerability in Microsoft Office Microsoft has published three out-of-band (OOB) updates so far in January 2026. • One of these upd https://cluster-site.onrender.com/posts/foxit-epic-games-store-meddreams-vulnerabilities/ Thu, 22 Jan 2026 13:54:57 +0000 https://cluster-site.onrender.com/posts/foxit-epic-games-store-meddreams-vulnerabilities/ • Cisco Talos uncovered 25 critical vulnerabilities across Foxit PDF Editor, Epic Games Store, and MedDreams PACS. • Foxit PDF Editor had privilege escalation via Microsoft Store i https://cluster-site.onrender.com/posts/how-we-mitigated-a-vulnerability-in-cloudflares-acme-validation-logic/ Mon, 19 Jan 2026 14:00:00 +0000 https://cluster-site.onrender.com/posts/how-we-mitigated-a-vulnerability-in-cloudflares-acme-validation-logic/ • How we mitigated a vulnerability in Cloudflareâ s ACME validation logic 2026-01-19 Hrushikesh Deshpande Andrew Mitchell Leland Garofalo This post was updated on January 20, 2026. https://cluster-site.onrender.com/posts/threat-brief-mongodb-vulnerability-cve-2025-14847/ Tue, 13 Jan 2026 20:30:02 +0000 https://cluster-site.onrender.com/posts/threat-brief-mongodb-vulnerability-cve-2025-14847/ • Executive Summary On Dec. • 19, 2025, MongoDB publicly disclosed MongoBleed, a security vulnerability (CVE-2025-14847) that allows unauthenticated attackers to leak sensitive hea https://cluster-site.onrender.com/posts/no-place-like-localhost-unauthenticated-remote-access-via-triofox-vulnerability-cve-2025-12480/ Mon, 10 Nov 2025 14:00:00 +0000 https://cluster-site.onrender.com/posts/no-place-like-localhost-unauthenticated-remote-access-via-triofox-vulnerability-cve-2025-12480/ • No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 Mandiant Written by: Stallone D’Souza, Praveeth DSouza, Bill Glynn, Kevin O’Flynn, https://cluster-site.onrender.com/posts/ransomware-actors-exploit-unpatched-simplehelp-remote-monitoring-and-management-to-compromise-utility-billing-software-provider/ Thu, 12 Jun 2025 14:29:54 +0000 https://cluster-site.onrender.com/posts/ransomware-actors-exploit-unpatched-simplehelp-remote-monitoring-and-management-to-compromise-utility-billing-software-provider/ • Ransomware actors target unpatched SimpleHelp RMM to breach utility billing software provider customers. • Vulnerability CVE-2024-57727, a path traversal flaw, exploited in Simpl https://cluster-site.onrender.com/posts/the-threat-from-commercial-cyber-proliferation/ Wed, 12 Mar 2025 11:20:26 +0000 https://cluster-site.onrender.com/posts/the-threat-from-commercial-cyber-proliferation/ • Commercial software proliferation expands attack surface, increasing vulnerability exposure across enterprises. • Open-source components in commercial stacks introduce hidden bac