“Claudy Day” Flaws Allow Data Theft via Fake Claude AI Ads, Report
Researchers detail “Claudy Day” flaws in Claude AI that could enable data theft using fake Google Ads, hidden…
Vulnerability
Apple WebKit Security Flaw Exposes iOS and macOS Users to Content-Based Bypass Attacks
Apple has released emergency security updates to address a critical WebKit vulnerability that currently exposes iPhone, iPad, and Mac users to sophisticated content-based bypass attacks. Delivered seamlessly via the Background Security Improvements mec…
FortiClient Hit by Severe SQL Injection Vulnerability Enabling Database Intrusion
Cybersecurity researchers have a detailed a critical security flaw in Fortinet’s FortiClient Enterprise Management Server (EMS). Tracked as CVE-2026-21643, this severe pre-authentication SQL injection vulnerability carries a near-maximum CVSS severity …
AWS Bedrock AgentCore Sandbox Bypass Enables Stealthy C2 and Data Exfiltration
A newly disclosed vulnerability in AWS Bedrock AgentCore Code Interpreter allows threat actors to bypass network isolation and establish stealthy command-and-control (C2) channels. AWS originally advertised this mode as providing complete isolation wit…
UK Companies House Exposed Details of Millions of Firms
The government agency confirmed the vulnerability could have been exploited to obtain company details and alter records.
The post UK Companies House Exposed Details of Millions of Firms appeared first on SecurityWeek.
CISA Flags Year-Old Wing FTP Vulnerability as Exploited
Tracked as CVE-2025-47813, the flaw leads to the disclosure of the full local installation path of the application.
The post CISA Flags Year-Old Wing FTP Vulnerability as Exploited appeared first on SecurityWeek.
Angular XSS Vulnerability Threatens Thousands of Web Applications
A high-severity Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2026-32635, has been discovered in Angular, one of the world’s most widely used web application frameworks. This flaw resides in the Angular runtime and compiler and affects…
CISA Issues Alert on Wing FTP Server Vulnerability Used in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert regarding a critical vulnerability in the Wing FTP Server. On March 16, 2026, the agency officially added this security flaw to its Known Exploited Vulnerab…
Researchers Uncover Ways to Decrypt Palo Alto Cortex XDR BIOC Rules for Evasion
Cybersecurity researchers have discovered a critical evasion technique in Palo Alto Networks’ Cortex XDR agent that allowed attackers to completely bypass behavioral detections. The research demonstrates how predefined Behavioral Indicators of Co…
CISA Alerts Users to Exploited Chrome 0-Day Flaws
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two highly critical zero-day vulnerabilities. These flaws, which primarily affect Google Chrome and its underlying technologies, are currently being expl…