A vulnerability in the Claude extension for Chrome could allow attackers to take over the AI agent and abuse it for information theft, cybersecurity firm LayerX reports. The flaw, dubbed ClaudeBleed, is a combination of lax permissions, where any Chrome… Read More "Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover"
Ivanti on Thursday published its May 2026 security updates for the Endpoint Manager Mobile (EPMM) product to address five vulnerabilities, including a zero-day exploited in targeted attacks. The exploited flaw, tracked as CVE-2026-6973, is a high-severity improper input validation issue… Read More "Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks"
Cisco on Wednesday announced patches for multiple vulnerabilities across its enterprise products, including five high-severity bugs. Two high-severity issues, tracked as CVE-2026-20034 and CVE-2026-20035, which could lead to server-side request forgery (SSRF) attacks, were resolved in Cisco Unity Connection. Rooted… Read More "Cisco Patches High-Severity Vulnerabilities in Enterprise Products"
Google on Wednesday announced the promotion of Chrome 148 to the stable channel with 127 security fixes, including three for critical-severity vulnerabilities. The first critical flaw is an integer overflow issue in Blink, tracked as CVE-2026-7896. It could allow remote… Read More "Chrome 148 Rolls Out With 127 Security Fixes"
Palo Alto Networks is working on patches for a critical PAN-OS zero-day that has been exploited to hack some of the company’s firewall models. Tracked as CVE-2026-0300, the vulnerability has been described as a buffer overflow affecting the User-ID Authentication… Read More "Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls"
Meta-owned WhatsApp has published two new security advisories describing vulnerabilities that were patched earlier this year in the popular messaging app. One of the vulnerabilities is CVE-2026-23863, a medium-impact attachment spoofing issue affecting WhatsApp for Windows prior to version 2.3000.1032164386.258709.… Read More "WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities"
Apache on Monday released patches for over a dozen vulnerabilities in HTTP Server and MINA, including critical and high-severity issues that could be exploited for remote code execution (RCE). Apache HTTP Server 2.4.67 was released with fixes for 11 vulnerabilities,… Read More "Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server"
Roughly 300,000 Ollama deployments are prone to sensitive information theft through a remotely exploitable, unauthenticated critical vulnerability, Cyera warns. Ollama is an open source solution for running LLMs on local machines and is highly popular among organizations as a self-hosted… Read More "Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft"
Google announced on Monday the release of an Android update patching a critical vulnerability that can be exploited for remote code execution. The flaw, tracked as CVE-2026-0073, affects Android’s System component, allowing an attacker to exploit it to execute code… Read More "Critical Remote Code Execution Vulnerability Patched in Android"
Threat actors have separately started exploiting two critical-severity vulnerabilities in MetInfo and Weaver E-cology that allow them to execute arbitrary code remotely, without authentication. MetInfo is an enterprise content management system (CMS) that relies on PHP and MySQL and provides… Read More "MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs"
