Follow Cyber Kendra on Google News! | WhatsApp | Telegram

Add as a preferred source on Google
Vulnerability
Opening a Single File in Vim Can Hand Attackers Full Control of Your System

Opening a Single File in Vim Can Hand Attackers Full Control of Your System

A two-bug chain quietly sitting in Vim since version 9.1.1391 lets a malicious file execute arbitrary shell commands the moment you open it — no plug…
One Packet. Full Root. GNU Telnetd Has a Critical Hole Nobody Logged

One Packet. Full Root. GNU Telnetd Has a Critical Hole Nobody Logged

Security researchers have found a critical, pre-authentication remote code execution flaw in the telnetd server in GNU Inetutils that allows any unau…
Hackers Could Hijack Your Machine Just by Sharing a Git Repo — Claude Code Users Were at Risk

Hackers Could Hijack Your Machine Just by Sharing a Git Repo — Claude Code Users Were at Risk

Developers who use Anthropic's Claude Code to write software with AI assistance were sitting on a serious security blind spot: cloning the wrong …
n8n Hit Again: Critical RCE Flaw Lets Attackers Hijack Servers by Chaining Three Harmless-Looking Nodes

n8n Hit Again: Critical RCE Flaw Lets Attackers Hijack Servers by Chaining Three Harmless-Looking Nodes

Security researcher Fatih Çelik has disclosed yet another critical remote code execution (RCE) vulnerability in n8n, the popular open-source workflow…
Critical Flaws Exposed in zkLogin: Zero-Knowledge Proofs Can't Fix Broken Authentication

Critical Flaws Exposed in zkLogin: Zero-Knowledge Proofs Can't Fix Broken Authentication

Brave Software researchers have disclosed critical vulnerabilities in zkLogin, a widely-deployed blockchain authentication system used across the Sui…
Credential-Stealing Flaw in Ivanti EPM Lets Hackers Waltz Past Authentication

Credential-Stealing Flaw in Ivanti EPM Lets Hackers Waltz Past Authentication

Ivanti just patched a critical authentication bypass in its Endpoint Manager that hands attackers stored credentials on a silver platter—no login req…
Critical RCE Flaw in Popular Manga Translation Tool Exposes Thousands to Takeover

Critical RCE Flaw in Popular Manga Translation Tool Exposes Thousands to Takeover

A critical security vulnerability in manga-image-translator, a widely used open-source OCR tool with over 9,300 GitHub stars, allows attackers to exe…
New Notepad Flaw That Lets Hackers Execute Code via Markdown Files

New Notepad Flaw That Lets Hackers Execute Code via Markdown Files

Microsoft patched a serious security hole in Windows Notepad this week that could allow attackers to remotely execute malicious code on victims' …
AI Discovers Critical Zero-Click Flaw Threatening 8,500 Enterprise Remote Access Systems

AI Discovers Critical Zero-Click Flaw Threatening 8,500 Enterprise Remote Access Systems

Thousands of organisations running BeyondTrust's remote access tools face immediate risk after an AI security system uncovered a critical pre-aut…
NGINX Servers Exposed: Response Injection Flaw Puts Millions of Web Applications at Risk

NGINX Servers Exposed: Response Injection Flaw Puts Millions of Web Applications at Risk

A newly disclosed vulnerability in NGINX web servers could allow attackers positioned between servers and upstream systems to manipulate data flowing…
AI Hacks AI: Security Tool Finds One-Click RCE in OpenClaw Assistant

AI Hacks AI: Security Tool Finds One-Click RCE in OpenClaw Assistant

In a watershed moment for AI security, an autonomous hacking agent has successfully exploited another AI system, exposing a critical vulnerability in…
Critical Unauthenticated RCE Flaw Exposes SolarWinds Web Help Desk to Instant Takeover

Critical Unauthenticated RCE Flaw Exposes SolarWinds Web Help Desk to Instant Takeover

Security researchers at Horizon3.ai have uncovered a chain of critical vulnerabilities in SolarWinds Web Help Desk (WHD) that allows unauthenticated …
WinRAR Flaw Becomes Hacker Gold Mine: State Spies and Cybercriminals Still Exploiting Six-Month-Old Bug

WinRAR Flaw Becomes Hacker Gold Mine: State Spies and Cybercriminals Still Exploiting Six-Month-Old Bug

Six months after a critical WinRAR vulnerability was patched, hackers from Russia, China, and cybercrime groups continue to exploit it—turning a fixe…
OpenSSL Patches Critical S/MIME Flaw That Could Let Attackers Hijack Encrypted Email

OpenSSL Patches Critical S/MIME Flaw That Could Let Attackers Hijack Encrypted Email

A vulnerability in OpenSSL's email encryption system could allow attackers to crash servers or execute malicious code without authentication cred…
React Faces Third Wave of Vulnerabilities as Researchers Uncover DoS Flaws in Patched Code

React Faces Third Wave of Vulnerabilities as Researchers Uncover DoS Flaws in Patched Code

React developers are facing yet another emergency patching cycle after security researchers discovered additional denial-of-service vulnerabilities w…
AMD CPUs Expose Critical Flaw: StackWarp Attack Breaks Security on Cloud Servers

AMD CPUs Expose Critical Flaw: StackWarp Attack Breaks Security on Cloud Servers

A newly disclosed hardware vulnerability in AMD processors threatens the foundation of confidential computing, allowing attackers to hijack secure vi…
Two Missing Characters Nearly Compromised Every AWS Account Worldwide

Two Missing Characters Nearly Compromised Every AWS Account Worldwide

Security researchers at Wiz have exposed a hair-raising vulnerability that could have given attackers complete control over the AWS JavaScript SDK—th…
Hackers Could Hijack ServiceNow AI Agents Using Just an Email Address

Hackers Could Hijack ServiceNow AI Agents Using Just an Email Address

An attacker halfway across the world with nothing but your email address could hijack your company's AI agents, create backdoor admin accounts, a…
How 100,000 Automation Servers Became a Master Key to Enterprise Data

How 100,000 Automation Servers Became a Master Key to Enterprise Data

A critical security flaw in n8n—the workflow automation darling of the AI era—has exposed an estimated 100,000 servers to complete takeover, turning …
MongoDB's No-Login Memory Leak Exposes Years of Database Deployments

MongoDB's No-Login Memory Leak Exposes Years of Database Deployments

MongoDB has rushed patches for a high-severity vulnerability that transforms the database giant's compression feature into an open door for memor…