Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions Vulnerabilities The Hacker News
The Hacker News Jul 11, 2026 1 min read

Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions

Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user's session. It has yet to be assigned a CVE identifier. "The

URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat Vulnerabilities The Hacker News
The Hacker News Jul 10, 2026 1 min read

URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat

Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a "credible external security threat." The company has temporarily disabled access to the affected accounts, a step it says it took "out of an abundance of caution" while it works with internal and external security

Palo Alto Networks Patches 13 Vulnerabilities Vulnerabilities SecurityWeek
SecurityWeek Jul 10, 2026 1 min read

Palo Alto Networks Patches 13 Vulnerabilities

Buffer overflow, DoS, command injection, SSRF, authentication bypass, and other types of vulnerabilities have been found in PAN-OS software. The post Palo Alto Networks Patches 13 Vulnerabilities appeared first on SecurityWeek.

'Djinn' Stealer Targets Cloud, AI Credentials Vulnerabilities Dark Reading
Dark Reading Jul 10, 2026 1 min read

'Djinn' Stealer Targets Cloud, AI Credentials

The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, targeting credentials linking development and admin environments to wider enterprise systems.

Microsoft Reins in RoguePlanet Zero-Day Threat Vulnerabilities Dark Reading
Dark Reading Jul 10, 2026 1 min read

Microsoft Reins in RoguePlanet Zero-Day Threat

The researcher known as "Nightmare-Eclipse" published a proof-of-concept (PoC) exploit for the Windows Defender vulnerability in early June after dropping several other Microsoft zero-days.

Hackers exploit critical auth bypass in Gitea Docker image Vulnerabilities Bleeping Computer
Bleeping Computer Jul 10, 2026 1 min read

Hackers exploit critical auth bypass in Gitea Docker image

Hackers are actively exploiting a critical vulnerability in the official Docker image for the Gitea self-hosted Git service that allows attackers to impersonate any user, including administrators. [...]

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts Vulnerabilities Krebs on Security
Krebs on Security Jul 10, 2026 3 min read

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta's "AI support assistant" bot into resetting account passwords.

A Record-Breaking Patch Tuesday for June 2026 Vulnerabilities Krebs on Security
Krebs on Security Jul 10, 2026 4 min read

A Record-Breaking Patch Tuesday for June 2026

Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical" rating, and exploit code for at least three of the weaknesses is now publicly available.

Felons, Fraudsters Flog Offensive Cybersecurity Startup Vulnerabilities Krebs on Security
Krebs on Security Jul 10, 2026 6 min read

Felons, Fraudsters Flog Offensive Cybersecurity Startup

A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under assumed names.

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure Vulnerabilities The Hacker News
The Hacker News Jul 10, 2026 1 min read

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header from any source IP address, effectively allowing an unauthenticated internet client to get elevated

16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems Vulnerabilities The Hacker News
The Hacker News Jul 10, 2026 1 min read

16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed 'Januscape' and tracked as CVE-2026-53359, the flaw sits in the shadow MMU code that KVM shares across both Intel and AMD. The public proof-of-concept panics the host; the researcher claims that a separate, unreleased exploit

Showing 1–9 of 38 articles
1 2 Next