brangberg – Page 24

Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)

Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases.
Tracked as CVE-2026-23479, the flaw was introduced in Redis 7.2.0 and remained in every stable branch until the May 5 fixes, unnoticed for over two years.

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs

Threat actors are exploiting vulnerable Kirki and Burst Statistics deployments to elevate privileges and take over websites.

The post Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs appeared first on SecurityWeek.

Security of 100 AI Agents Tested and Ranked – What You Need to Know

The AI Risk Quadrant evaluates AI agents based on three factors: how vulnerable they are to compromise, the potential impact of a breach, and the strength of their security defenses.

The post Security of 100 AI Agents Tested and Ranked – What You Need to Know appeared first on SecurityWeek.

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user’s GitHub token.

“Just by clicking a link, it’s possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones,” security researcher Ammar Askar said.

GitHub supports a feature called GitHub.dev that runs as

Hackers Target Global Stock Exchange in Espionage Operation

The attackers had access to a senior executive’s email account for 150 days and exfiltrated data for months.

The post Hackers Target Global Stock Exchange in Espionage Operation appeared first on SecurityWeek.

IMA Diligence Services Data Breach Impacts 525,000 People

The affected individuals’ personal information was stolen from a legacy server managed by a third party.

The post IMA Diligence Services Data Breach Impacts 525,000 People appeared first on SecurityWeek.

Organizations Warned of Exploited Linux Kernel Vulnerability

An improper authentication bug allows attackers to escalate their privileges and escape containers.

The post Organizations Warned of Exploited Linux Kernel Vulnerability appeared first on SecurityWeek.

Acer working to patch max severity zero-days in Wave 7 routers

Acer is working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers. […]

‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds

The default HTTP/2 configuration of major web servers is vulnerable to an attack chain combining a compression bomb and a Slowloris-style hold.

The post ‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds appeared first on SecurityWeek.

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user’s NTLMv2 hash to the attacker.

Like in the case of CVE-2026-33829, which impacted the Windows Snipping Tool’s ms-screensketch: URI handler, the newly flagged issue resides in the search: URI handler, per Huntress.

CVE-2026-33829 refers to a spoofing vulnerability that could expose

Author: brangberg