Vulnerability

Critical Flaws Exposed in zkLogin: Zero-Knowledge Proofs Can't Fix Broken Authentication

Brave Software researchers have disclosed critical vulnerabilities in zkLogin, a widely-deployed blockchain authentication system used across the Sui…

Credential-Stealing Flaw in Ivanti EPM Lets Hackers Waltz Past Authentication

Ivanti just patched a critical authentication bypass in its Endpoint Manager that hands attackers stored credentials on a silver platter—no login req…

Critical RCE Flaw in Popular Manga Translation Tool Exposes Thousands to Takeover

A critical security vulnerability in manga-image-translator, a widely used open-source OCR tool with over 9,300 GitHub stars, allows attackers to exe…

New Notepad Flaw That Lets Hackers Execute Code via Markdown Files

Microsoft patched a serious security hole in Windows Notepad this week that could allow attackers to remotely execute malicious code on victims' …

AI Discovers Critical Zero-Click Flaw Threatening 8,500 Enterprise Remote Access Systems

Thousands of organisations running BeyondTrust's remote access tools face immediate risk after an AI security system uncovered a critical pre-aut…

NGINX Servers Exposed: Response Injection Flaw Puts Millions of Web Applications at Risk

A newly disclosed vulnerability in NGINX web servers could allow attackers positioned between servers and upstream systems to manipulate data flowing…

AI Hacks AI: Security Tool Finds One-Click RCE in OpenClaw Assistant

In a watershed moment for AI security, an autonomous hacking agent has successfully exploited another AI system, exposing a critical vulnerability in…

Critical Unauthenticated RCE Flaw Exposes SolarWinds Web Help Desk to Instant Takeover

Security researchers at Horizon3.ai have uncovered a chain of critical vulnerabilities in SolarWinds Web Help Desk (WHD) that allows unauthenticated …

WinRAR Flaw Becomes Hacker Gold Mine: State Spies and Cybercriminals Still Exploiting Six-Month-Old Bug

Six months after a critical WinRAR vulnerability was patched, hackers from Russia, China, and cybercrime groups continue to exploit it—turning a fixe…

OpenSSL Patches Critical S/MIME Flaw That Could Let Attackers Hijack Encrypted Email

A vulnerability in OpenSSL's email encryption system could allow attackers to crash servers or execute malicious code without authentication cred…

React Faces Third Wave of Vulnerabilities as Researchers Uncover DoS Flaws in Patched Code

React developers are facing yet another emergency patching cycle after security researchers discovered additional denial-of-service vulnerabilities w…

AMD CPUs Expose Critical Flaw: StackWarp Attack Breaks Security on Cloud Servers

A newly disclosed hardware vulnerability in AMD processors threatens the foundation of confidential computing, allowing attackers to hijack secure vi…

Two Missing Characters Nearly Compromised Every AWS Account Worldwide

Security researchers at Wiz have exposed a hair-raising vulnerability that could have given attackers complete control over the AWS JavaScript SDK—th…

Hackers Could Hijack ServiceNow AI Agents Using Just an Email Address

An attacker halfway across the world with nothing but your email address could hijack your company's AI agents, create backdoor admin accounts, a…

How 100,000 Automation Servers Became a Master Key to Enterprise Data

A critical security flaw in n8n—the workflow automation darling of the AI era—has exposed an estimated 100,000 servers to complete takeover, turning …

MongoDB's No-Login Memory Leak Exposes Years of Database Deployments

MongoDB has rushed patches for a high-severity vulnerability that transforms the database giant's compression feature into an open door for memor…

Critical n8n Flaw Exposes Thousands of Workflow Automation Servers to Remote Takeover

A severe security vulnerability in n8n, the rapidly growing open-source automation platform, has left thousands of self-hosted servers vulnerable to …

HPE's IT Management Platform Exposes Thousands of Enterprises to Perfect-Score Exploit

IT administrators managing HPE infrastructure just got an urgent wakeup call. A vulnerability in HPE OneView—the centralized dashboard that controls …

Critical FreePBX Flaws Expose Business Phone Systems to Complete Takeover

Security researchers have uncovered a trio of severe vulnerabilities in FreePBX, an open-source business phone system management platform, that could…

React Patches Two New Flaws Following React2Shell Chaos

Two additional vulnerabilities discovered in React Server Components after critical React2Shell disclosure; immediate patches required. Security rese…