Endpoint Security News – SecurityWeek Cybersecurity News, Insights & Analysis
- Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches
by Ionut Arghire on June 2, 2026 at 12:25 pmA stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device. The post Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches appeared first on SecurityWeek.
- Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypassby Ionut Arghire on May 20, 2026 at 3:39 pm
The exploitation is mitigated by preventing the FsTx Auto Recovery Utility from starting when the WinRE image launches. The post Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass appeared first on SecurityWeek.
- Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacksby Kevin Townsend on May 19, 2026 at 1:00 pm
Attackers are increasingly abusing Microsoft’s decades-old MSHTA utility to stealthily deliver stealers, loaders, and persistent malware through phishing, fake software downloads, and LOLBIN-based attack chains. The post Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks appeared first on SecurityWeek.
- PoC Released for DirtyDecrypt Linux Kernel Vulnerabilityby Ionut Arghire on May 19, 2026 at 9:42 am
Patched in April, the underlying vulnerability allows local attackers to elevate their privileges to root. The post PoC Released for DirtyDecrypt Linux Kernel Vulnerability appeared first on SecurityWeek.
- New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalationby Eduard Kovacs on May 14, 2026 at 1:44 pm
The vulnerability, tracked as CVE-2026-46300, is similar to the recently disclosed exploits named Dirty Frag and Copy Fail. The post New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation appeared first on SecurityWeek.
- New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacksby Eduard Kovacs on May 11, 2026 at 8:15 am
Also called Copy Fail 2 and tracked as CVE-2026-43284 and CVE-2026-43500, the exploit was disclosed before a patch was released. The post New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks appeared first on SecurityWeek.
- Exploitation of ‘Copy Fail’ Linux Vulnerability Beginsby Ionut Arghire on May 4, 2026 at 10:42 am
CISA has added the bug to its KEV list, and Microsoft has observed limited exploitation, mainly associated with PoC testing. The post Exploitation of ‘Copy Fail’ Linux Vulnerability Begins appeared first on SecurityWeek.
- ‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeoverby Ionut Arghire on April 30, 2026 at 10:06 am
Affecting the kernel’s authencesn cryptographic template, the vulnerability was introduced in 2017 and impacts all distributions. The post ‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover appeared first on SecurityWeek.
- Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Accessby Ionut Arghire on April 27, 2026 at 10:10 am
A race condition in PackageKit allows unprivileged users to escalate privileges when installing packages. The post Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access appeared first on SecurityWeek.
- Vulnerabilities Patched in CrowdStrike, Tenable Productsby Eduard Kovacs on April 24, 2026 at 9:49 am
CrowdStrike has fixed a critical LogScale vulnerability, while Tenable addressed a high-severity Nessus flaw. The post Vulnerabilities Patched in CrowdStrike, Tenable Products appeared first on SecurityWeek.
