Claude Code Vulnerability Allows Attackers to Run Commands Through Crafted Deeplinks
A recently disclosed flaw in Claude Code allowed attackers to execute arbitrary system commands using a single crafted deeplink URL, turning a convenience fe...
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
Attackers are exploiting a critical flaw in the WordPress Funnel Builder plugin to inject skimming code into WooCommerce checkout pages. A critical vulnerabi...
A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft d...
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaSc...
Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source.
Researchers from Calif utilized Anthropic's Mythos Preview AI to chain two previously unknown bugs and several techniques, ultimately creating a functional e...
The vulnerability in the Funnel Builder plugin, used by over 40,000 websites, allows unauthenticated attackers to modify global settings via an unprotected c...
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce chec...
Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and pers...
Cisco released a patch for the vulnerability on Thursday, writing in an advisory that it could “allow an unauthenticated, remote attacker to bypass authentic...
A powerful zero-click exploit chain for the Pixel 10 that can take an attacker from a remote Dolby decoding bug to full kernel control through a single vulne...
Hackers are rapidly weaponizing a little-known Microsoft authentication feature to hijack enterprise accounts, as device code phishing surges across the thre...
Cisco has disclosed a max-severity authentication bypass vulnerability affecting its Catalyst SD-WAN Controller and Catalyst SD-WAN Manager platforms, warnin...
Fragnesia is at least the fourth privilege escalation flaw affecting Linux systems disclosed in the last three weeks.
Microsoft has revealed a stealthy intrusion campaign where attackers bypassed traditional malware and exploits, instead abusing trusted enterprise tools to s...
Rocky Linux has introduced a Security Repository that allows the distribution to ship urgent security fixes ahead of upstream Enterprise Linux when public ex...
A financially motivated threat group known as TeamPCP is aggressively targeting modern software supply chains, abusing trusted CI/CD pipelines to steal sensi...
Hackers linked to the long-running FrostyNeighbor cyber‑espionage group have intensified attacks against Ukrainian government organizations, deploying update...
Remote Sunrise Helper for Windows 2026.