CVE-2026-0073 affects Android’s System component and it can be exploited without any user interaction.
The post Critical Remote Code Execution Vulnerability Patched in Android appeared first on SecurityWeek.
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls don’t see it. Your MFA doesn’t stop it. And when an attacker gets hold of one, they don’t need a password.
OAuth
OAuth
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck.
The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution.
“MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code
The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution.
“MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code
Google now offers up to $1.5 million for some Android exploits
Google overhauls its Android and Chrome vulnerability rewards programs, offering bounties of up to $1.5 million for the most difficult exploits while scaling back payouts for flaws that artificial intelligence (AI) has made easier to find. […]
Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server
The most severe of these security defects could allow remote attackers to execute arbitrary code.
The post Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server appeared first on SecurityWeek.
Karakurt Ransomware Negotiator Sentenced to Prison
Deniss Zolotarjovs was directly involved in extortion strategies and in negotiations with victim companies.
The post Karakurt Ransomware Negotiator Sentenced to Prison appeared first on SecurityWeek.
We Scanned 1 Million Exposed AI Services. Here’s How Bad the Security Actually Is
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the pressure to deliver more value faster. But speed is coming at the expense of security.
In the wake of the
In the wake of the
Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison
A Latvian national extradited to the United States was sentenced to 8.5 years in prison for his “cold case” negotiator role in the Russian Karakurt ransomware group. […]
CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices. […]
MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs
The security defects allow unauthenticated, remote attackers to execute arbitrary code through crafted requests.
The post MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek.