Vulnerabilities News – SecurityWeek Cybersecurity News, Insights & Analysis
- In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested
by SecurityWeek News on April 17, 2026 at 12:00 pmOther noteworthy stories that might have slipped under the radar: ShinyHunters targets Rockstar Games, ShowDoc vulnerability exploited in the wild, and EPA to boost cybersecurity budget to $19 million. The post In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested appeared first on SecurityWeek.
- Recent Apache ActiveMQ Vulnerability Exploited in the Wildby Eduard Kovacs on April 17, 2026 at 9:50 am
The remote code execution vulnerability tracked as CVE-2026-34197 came to light in early April. The post Recent Apache ActiveMQ Vulnerability Exploited in the Wild appeared first on SecurityWeek.
- Cursor AI Vulnerability Exposed Developer Devicesby Ionut Arghire on April 17, 2026 at 7:29 am
An indirect prompt injection could be chained with a sandbox bypass and Cursor’s remote tunnel feature for shell access to machines. The post Cursor AI Vulnerability Exposed Developer Devices appeared first on SecurityWeek.
- Splunk Enterprise Update Patches Code Execution Vulnerabilityby Ionut Arghire on April 16, 2026 at 11:51 am
The flaw allows low-privileged users to upload files to a temporary directory to achieve remote code execution. The post Splunk Enterprise Update Patches Code Execution Vulnerability appeared first on SecurityWeek.
- Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contestby Eduard Kovacs on April 16, 2026 at 11:21 am
Researchers found more than 80 high-impact cloud and AI vulnerabilities during the event, which had a $5 million prize pool. The post Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest appeared first on SecurityWeek.
- NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Softwareby Ionut Arghire on April 16, 2026 at 10:47 am
To optimize management of CVE volume, entries that do not meet specific criteria will not be automatically enriched. The post NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software appeared first on SecurityWeek.
- Cisco Patches Critical Vulnerabilities in Webex, ISEby Ionut Arghire on April 16, 2026 at 10:04 am
The flaws can be exploited remotely to impersonate users or execute arbitrary commands on the underlying OS. The post Cisco Patches Critical Vulnerabilities in Webex, ISE appeared first on SecurityWeek.
- Exploited Vulnerability Exposes Nginx Servers to Hackingby Eduard Kovacs on April 15, 2026 at 2:45 pm
Hackers are exploiting CVE-2026-33032, a critical remote takeover vulnerability in the Nginx UI management tool. The post Exploited Vulnerability Exposes Nginx Servers to Hacking appeared first on SecurityWeek.
- ‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacksby Kevin Townsend on April 15, 2026 at 1:34 pm
Researchers warn that a flaw in Anthropic’s Model Context Protocol allows unsanitized commands to execute silently, enabling full system compromise across widely used AI environments. The post ‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks appeared first on SecurityWeek.
- Two Vulnerabilities Patched in Ivanti Neurons for ITSMby Ionut Arghire on April 15, 2026 at 11:38 am
The flaws could allow a remote attacker to maintain access after their account has been disabled and to access information from other user sessions. The post Two Vulnerabilities Patched in Ivanti Neurons for ITSM appeared first on SecurityWeek.
