The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks. […]
38 Vulnerabilities Found in OpenEMR Medical Software
Some of the vulnerabilities discovered by Aisle can be exploited to access and alter sensitive patient information.
The post 38 Vulnerabilities Found in OpenEMR Medical Software appeared first on SecurityWeek.
Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software.
The problem affects all currently supported versions, according to an alert released by cPanel on Tuesday. The issue has been addressed in the following versions –
The problem affects all currently supported versions, according to an alert released by cPanel on Tuesday. The issue has been addressed in the following versions –
11.110.0.97
11.118.0.63
11.126.0.54
11.132.0.29
Chrome 147, Firefox 150 Security Updates Rolling Out
The browser refreshes resolve critical and high-severity vulnerabilities that could lead to arbitrary code execution.
The post Chrome 147, Firefox 150 Security Updates Rolling Out appeared first on SecurityWeek.
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities are listed below –
The vulnerabilities are listed below –
CVE-2024-1708 (CVSS score: 8.4) – A path traversal vulnerability in ConnectWise ScreenConnect
Microsoft says backend change broke Teams Free chat and calls
Microsoft is working to resolve a known issue that prevents some Microsoft Teams Free users from chatting and calling others. […]
Critical GitHub Vulnerability Exposed Millions of Repositories
The remote code execution flaw CVE-2026-3854 was found to impact GitHub.com and GitHub Enterprise Server.
The post Critical GitHub Vulnerability Exposed Millions of Repositories appeared first on SecurityWeek.
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI’s LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge.
The vulnerability, tracked as CVE-2026-42208 (CVSS score: 9.3), is an SQL injection that could be exploited to modify the underlying
The vulnerability, tracked as CVE-2026-42208 (CVSS score: 9.3), is an SQL injection that could be exploited to modify the underlying
Broken VECT 2.0 ransomware acts as a data wiper for large files
Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypt them. […]
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. […]