View CSAF Summary Successful exploitation of this vulnerability could result in arbitrary file upload to the target equipment. The following versions of Ceragon Siklu MultiHaul and EtherHaul Series are affected: MultiHaul MH-B100-CCS MultiHaul MH-T200-CCC MultiHaul MH-T200-CNN MultiHaul MH-T201-CNN EtherHaul EH-8010FX…
Category: EN
Honeywell IQ4x BMS Controller
View CSAF Summary Successful exploitation of this vulnerability could allow an unauthorized attacker to access controller management settings, control components, disclose information, or cause a denial-of-service condition. The following versions of Honeywell IQ4x BMS Controller are affected: IQ4E >=Firmware_v3.50_3.44|<4.36_build_4.3.7.9 (CVE-2026-3611)…
U.S. military contractor likely built iPhone hacking tools used by Russian spies in Ukraine
Google found a series of hacking tools they said were used by a Russian espionage group and a cybercriminal group in China. Sources from a U.S. government defense contractor said some of those hacking tools were theirs. This article has…
Ivanti Desktop and Server Management Vulnerability Allows Attackers to Escalate Privileges
Ivanti has issued a security update for its Desktop and Server Management (DSM) software, addressing a high-severity vulnerability that could allow a local authenticated attacker to escalate their privileges on affected systems. The flaw, tracked as CVE-2026-3483, carries a CVSS…
OpenAI to Acquire Promptfoo to Fix Vulnerabilities in AI Systems
OpenAI has announced its acquisition of Promptfoo, an artificial intelligence security platform designed to help enterprises find and fix vulnerabilities during development. This strategic move aims to secure AI systems against emerging threats, such as prompt injection and jailbreaks, before…
Malformed ZIP Files Allows Attackers to Bypass Antivirus and EDR Detections
A critical flaw in how antivirus and Endpoint Detection and Response (EDR) systems process archive files. Tracked as CVE-2026-0866, this weakness allows attackers to use intentionally malformed ZIP headers to sneak malicious payloads past standard security scanners entirely undetected. ZIP…
Cloudflare Pingora Vulnerabilities Allows Request Smuggling & Cache Poisoning Attacks
Cloudflare has released version 0.8.0 of its open-source Pingora framework to patch three critical vulnerabilities: CVE-2026-2833, CVE-2026-2835, and CVE-2026-2836. These flaws allow HTTP request smuggling and cache poisoning, posing a severe threat to standalone Pingora deployments exposed directly to the…
Microsoft Patch Tuesday March 2026 – 78 Vulnerabilities Fixed, Including One 0-day
Microsoft released its March 2026 Patch Tuesday security update on March 10, 2026, addressing 78 vulnerabilities across a wide range of products, including Windows, Microsoft Office, Azure, SQL Server, and .NET. The update includes one actively exploited zero-day vulnerability and…
How to see your Google Search history (and delete it)
Google knows a lot about you. Here’s how to check your Google Search history and how to prevent future tracking. This article has been indexed from Malwarebytes Read the original article: How to see your Google Search history (and delete…
Jazz Emerges From Stealth With $61M in Funding for AI-Powered DLP
The startup brings AI to data loss prevention to provide visibility into intent, context, and risk. The post Jazz Emerges From Stealth With $61M in Funding for AI-Powered DLP appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Microsoft Patch Tuesday March 2026, (Tue, Mar 10th)
Microsoft today released patches for 93 vulnerabilities, including 9 vulnerabilities in Chromium affecting Microsoft Edge. 8 of the vulnerabilities are rated critical. 2 were disclosed prior to today but have not yet been exploited. This update addresses no already-exploited vulnerabilities. …
China-Linked Hackers Hit Qatar with Backdoor Disguised as War News
China-linked hackers targeted Qatar using fake war news lures to spread PlugX backdoor malware and spy on military and energy sectors. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article:…
OpenAI’s Promptfoo Deal Plugs Agentic AI Testing Gap
OpenAI’s latest acquisition addresses a security need Jamieson O’Reilly, security advisor at OpenClaw, raised during an exclusive interview with Infosecurity This article has been indexed from www.infosecurity-magazine.com Read the original article: OpenAI’s Promptfoo Deal Plugs Agentic AI Testing Gap
400,000 WordPress Sites Affected by Unauthenticated SQL Injection Vulnerability in Ally WordPress Plugin
On February 4th, 2026, we received a submission for an SQL Injection vulnerability in Ally, a WordPress plugin estimated to have more than 400,000 active installations. This vulnerability can be leveraged to extract sensitive data from the database, such as…
Build Transformative Security with AI-Powered WAF Detections
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: Build Transformative Security with AI-Powered WAF Detections
Age Verification Laws for Social Media Raise Privacy Concerns and Enforcement Challenges
Across nations, governments push tighter rules limiting young users’ access to social media. Because of worries over endless scrolling, disturbing material online, or growing emotional struggles in teens, officials demand change. Minimum entry ages – often 13 or 16…
Conduent Leak: One of the Largest Breaches in The U.S
Conduent, a business that offers printing, payment, and document processing services to some of the biggest health insurance companies in the nation, has had at least 25 million people’s personal information stolen. Addresses, social security numbers, and health information were…
Apple Rolls Out Global Age-Verification System to Protect Kids Online
Apple has rolled out a new global age-verification system across its platforms, aimed at keeping kids safer online while helping developers comply with tightening child safety laws worldwide. The move targets both app downloads and in‑app experiences, with a…
An iPhone-hacking toolkit used by Russian spies likely came from US military contractor
Google found a series of hacking tools they said were used by a Russian espionage group and a cybercriminal group in China. Sources from a U.S. government defense contractor said some of those hacking tools were theirs. This article has…
When your DDoS mitigation provider goes down: Why traffic control can’t be outsourced
Since the headline-grabbing outages of 2021, we’ve had recurring conversations with large enterprises asking some version of the same question. Do we really want our CDN, security, and routing control to live in the same place? This issue of control…