Tag:

Vulnerability

Safety & Security

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

by David Walker June 3, 2026

by David Walker June 3, 2026 0 comments

Ravie LakshmananJun 03, 2026Vulnerability / Server Security Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. …

Safety & Security

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

by David Walker May 29, 2026

by David Walker May 29, 2026 0 comments

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant’s implicit trust in Markdown links and images to trigger prompt injections and …

Safety & Security

Every Old Vulnerability Is Now an AI Vulnerability

by David Walker April 19, 2026

by David Walker April 19, 2026 0 comments

OPINION On March 10, 2026, Microsoft patched CVE-2026-26144, a cross-site scripting (XSS) vulnerability in Excel. XSS in Office isn’t anything new, but what makes this XSS different is what happens after …

Safety & Security

Critical BeyondTrust RS vulnerability exploited in active attacks

by David Walker February 14, 2026

by David Walker February 14, 2026 0 comments

Researchers warn that a critical vulnerability patched this week in BeyondTrust Remote Support is being exploited in the wild to compromise self-hosted deployments, including Bomgar remote support appliances, which included …

Safety & Security

Threat actors hijack web traffic after exploiting React2Shell vulnerability: Report

by David Walker February 4, 2026

by David Walker February 4, 2026 0 comments

Threat actors exploiting the React2Shell vulnerability in components of React servers are using their access to compromise web domains and divert web traffic for malicious purposes. That’s the conclusion of …

Safety & Security

Critical vulnerability in IBM API Connect could allow authentication bypass

by David Walker January 1, 2026

by David Walker January 1, 2026 0 comments

This, said Gogia, further elevates the risk. “That is not a cosmetic detail,” he noted. “Management planes define configuration truth, lifecycle control, and operational authority across the platform. When remediation …

Safety & Security

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

by David Walker December 26, 2025

by David Walker December 26, 2025 0 comments

Dec 26, 2025Ravie LakshmananAI Security / DevSecOps A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even …

Safety & Security

Apache Tika hit by critical vulnerability thought to be patched months ago

by David Walker December 9, 2025

by David Walker December 9, 2025 0 comments

CVE superset The maintainers have now realized that the XXE injection flaw is not limited to this module. It affects additional Tika components, namely Apache Tika tika-core, versions 1.13 to …

Safety & Security

ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability

by David Walker November 2, 2025

by David Walker November 2, 2025 0 comments

Nov 01, 2025Ravie LakshmananArtificial Intelligence / Vulnerability The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with …

Safety & Security

Alert: Exploit available to threat actors for SAP S/4HANA critical vulnerability

by David Walker September 5, 2025

by David Walker September 5, 2025 0 comments

“This vulnerability could fill in an important gap in an attacker’s arsenal to attack these systems,” he added. “They will still need some credentials, but they could be low-level credentials …