soc

From service accounts to AI-driven processes, identity is evolving faster than most security programs can adapt. Discover strategies for reducing risk and regaining control. The post Webinar Today: Securing Identity Across Humans, Machines and AI appeared first on SecurityWeek.

Successful exploitation of the flaws could lead to code execution, server-side request forgery attacks, and denial-of-service conditions. The post Cisco Patches High-Severity Vulnerabilities in Enterprise Products appeared first on SecurityWeek.

Operation HookedWing: 4-Year Multi-Sector Phishing Campaign From 2022 to the present, a persistent phishing campaign that has not been publicly documented until now, referred to in this report as Operation HookedWing, has been compromising organizations across multiple sectors and countries. The SOCRadar Threat Research team has identified that the campaign operates a custom phishing kit […]

Attackers could inject prompts into a GitHub issue and take over the AI agent designed to automatically triage the issue. The post Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack appeared first on SecurityWeek.

CVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25 CVE-2026-Adresse geschuetzt.js sandbox library vm2. In vm2 3.10.4, attacker-controlled JavaScript executed through VM.run() can break out of the sandbox and reach the host process object, leading to arbitrary code execution (RCE) in the host Node.js process. This post […]

The company raised another $35 million as an extension to its previously announced Series C funding round. The post Autonomous Offensive Security Firm XBOW Raises $35 Million appeared first on SecurityWeek.

CVE-2026-23918: Apache HTTP Server HTTP/2 Double Free With Possible RCE CVE-2026-Adresse geschuetzt(httpd) that affects its HTTP/2 implementation and can lead to a double free during an HTTP/2 stream “early reset” condition. Apache describes the impact as “Double Free and possible RCE,” meaning the worst case is remote code […]

Apache has patched CVE-2026-23918, a critical flaw in Apache HTTP Server’s HTTP/2 handling that Apache describes as a “double free and possible RCE.” The issue affects Apache HTTP Server 2.4.66 and was fixed in 2.4.67, released on May 4, 2026. The CVE-2026-Adresse geschuetzt. Public reporting […] The post CVE-2026-23918: Critical Apache HTTP/2 Flaw Can Trigger […]

The startup will invest in expanding its training categories, optimizing video generation, and growing its partnership ecosystem. The post Herd Security Raises $3 Million for AI-Powered Training Platform appeared first on SecurityWeek.

Likely perpetrated by MuddyWater, the attack combined social engineering, persistence, credential harvesting, and data theft. The post Iranian APT Intrusion Masquerades as Chaos Ransomware Attack appeared first on SecurityWeek.