Drupal is warning that hackers are attempting to exploit a „highly critical“ SQL injection vulnerability announced earlier this week. […]
Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that can be exploited by anonymous attackers against sites using PostgreSQL databases. Tracked as the CVE-2026-9082 vulnerability, the issue resides in Drupal’s database abstraction API, which is supposed to sanitize queries before they reach the backend database. Drupal rates the flaw […]
Insufficient validation and authentication in the Secure Workload’s REST APIs provide remote attackers with Site Admin privileges. The post Cisco Patches Critical Vulnerability in Secure Workload appeared first on SecurityWeek.
An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment.
Drupal has announced a „core security release“ scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure. […]
Microsoft’s total vulnerability count stayed steady in 2025, but critical flaws surged year over year. BeyondTrust breaks down why attackers are increasingly focused on privilege escalation and identity abuse. […]
The vulnerability, CVE-2026-8153, affects Universal Robots PolyScope 5 and it can be exploited for OS command injection. The post Critical Vulnerability Exposes Industrial Robot Fleets to Hacking appeared first on SecurityWeek.
The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled. The post Exploitation of Critical NGINX Vulnerability Begins appeared first on SecurityWeek.