ZCyberNews

Articles

432 articles

OpenImageIO TGA Decoder Flaw CVE-2026-43996 Enables OOB Read
MEDIUM | Vulnerabilities

CVE-2026-43996 (CVSS 5.5) in OpenImageIO TGA decoder uses unsigned 32-bit wrap to bypass bounds check, enabling out-of-bounds read. Affects versions prior to 3.0.18.0 and 3.1.13.0.

CVE-2026-43996
3 min read

Palo Alto GlobalProtect Flaws Let Attackers Intercept Encrypted
HIGH | Vulnerabilities

CVE-2026-0249: Multiple improper certificate validation flaws in Palo Alto Networks GlobalProtect app let local or same-subnet attackers intercept encrypted traffic and install...

CVE-2026-0249
3 min read

protobufjs Flaw CVE-2026-45740 Enables DoS via Deeply Nested JSON
HIGH | Vulnerabilities

CVE-2026-45740 (CVSS 7.5) in protobufjs lets attackers crash Node.js apps by sending crafted JSON descriptors with deeply nested namespaces — affects versions before 7.5.8 and...

CVE-2026-45740
3 min read

AI Hallucinations Exploit Human Trust in Critical Infrastructure
HIGH | Industry News

AI models produce confident but incorrect outputs that have led to misconfigured firewalls and pipeline valve errors, researchers warn.

3 min read

AI Security Startup Funding Surpasses Acquisitions by $1B in 1Q26
INFORMATIONAL | Industry News

Dark Reading reports AI security startup investments exceeded acquisition value by over $1 billion in 1Q26, signaling a widening 'valley of death' for maturing firms.

2 min read

Cisco Catalyst SD-WAN Controller Flaw CVE-2026-20182 Scores Perfect
CRITICAL | Vulnerabilities

Rapid7 discovered CVE-2026-20182, a 10.0-CVSS authentication bypass in Cisco Catalyst SD-WAN Controller. Unauthenticated attackers can inject SSH keys and issue NETCONF commands.

CVE-2026-20182, CVE-2026-20127
4 min read

F5 Patches 51 Flaws: NGINX DoS, BIG-IP RCE Among Critical Fixes
CRITICAL | Vulnerabilities

F5 fixed 19 high-severity and 32 medium-severity bugs across BIG-IP, BIG-IQ, and NGINX. The most severe, CVE-2026-42945 (CVSS 9.2), enables heap overflow DoS in NGINX rewrite...

CVE-2026-42945, CVE-2026-41225, CVE-2026-41957 (+2 more)
4 min read

Hackers Exploit PraisonAI Auth Bypass Hours After Disclosure
HIGH | Vulnerabilities

Sysdig detected CVE-2026-44338 exploitation attempts within 3 hours 44 minutes of public advisory — attackers probed /agents on exposed PraisonAI instances.

CVE-2026-44338
3 min read

Hono Patches CSS Injection and Cache Poisoning Flaws
MEDIUM | Vulnerabilities

Hono 4.12.18 fixes CVE-2026-44458 (CSS injection in JSX renderer, CVSS 4.3) and CVE-2026-44457 (cache poisoning via Vary header bypass, CVSS 5.3).

CVE-2026-44457, CVE-2026-44458
4 min read

Malwarebytes Blocks Suspicious Yahoo Mail Redirects to Opaque Domains
MEDIUM | Industry News

Malwarebytes blocks background connections from Yahoo Mail to domains like cook.howduhtable.com — third-party infrastructure with poor reputation and opaque redirect chains.

3 min read

Mythos AI Excels at Code Audits but Struggles With Exploit Validation
INFORMATIONAL | AI Security

XBOW benchmarks show Anthropic's Mythos AI is potent for source code audits and reverse engineering, but inconsistent at exploit validation and prone to overstating findings.

3 min read

NIST NVD Enrichment Change Creates CVSS Gap for 80% of CVEs
MEDIUM | Industry News

NIST now enriches only 15-20% of CVEs under new policy as of April 2026, leaving 80% without CVSS scores or product mappings.

3 min read