Vulnerability News

A critical authentication bypass vulnerability in Nginx UI, tracked as CVE-2026-33032 with a maximum CVSS score of 9.8, is currently being actively exploited in the wild. This flaw allows unauthenticated remote attackers to gain complete control over affected Nginx web servers. Cybersecurity researchers from Pluto Security discovered the vulnerability, which stems from a single missing The post Nginx-ui Vulnerability Actively Exploited in Attack – Enables Full Server Takeover appeared first on Cyber Security News.

Adobe has released a critical security bulletin on April 14, 2026, to address multiple vulnerabilities in Adobe Acrobat and Reader for Windows and macOS. According to the official advisory, successful exploitation of these flaws could allow attackers to execute arbitrary code or read arbitrary files on a targeted system. While these threats carry high severity The post Adobe Acrobat Reader Vulnerabilities Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

A critical security alert warns of a severe default password vulnerability affecting Support Insights Virtual Lightweight Collector (vLWC) appliances. This flaw enables unauthenticated network-based attackers to gain full administrative control of exposed network devices easily. Formally tracked as CVE-2026-33784, this vulnerability has a near-maximum Common Vulnerability Scoring System (CVSS v3.1) score of 9.8 out of The post Juniper Networks Default Password Vulnerability Let Attacker Take Full Control of the Device appeared first on Cyber Security News.

Google has released its highly anticipated Android Security Bulletin for April 2026, bringing essential security patches to millions of Android devices worldwide.  The most pressing issue in this month’s rollout is CVE-2026-0049, a critical zero-interaction vulnerability residing in the core Android Framework. If exploited, this flaw allows attackers to trigger a local denial-of-service (DoS) attack The post Critical Android “Zero-Interaction” Vulnerability Enables DoS Attacks appeared first on Cyber Security News.

A critical warning has been issued over a newly discovered zero-day vulnerability in Google Chrome, raising serious concerns for users worldwide. This flaw is actively exploited in the wild, allowing attackers to bypass security protections and execute malicious code, and was added to the Known Exploited Vulnerabilities (KEV) catalog on April 1, 2026. The discovery The post CISA Warns of Chrome 0-Day Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.

Users routinely trust AI assistants with highly sensitive information, including medical records, financial documents, and proprietary business code. Check Point Research recently disclosed a critical vulnerability in ChatGPT’s architecture that allowed attackers to extract this exact type of user data silently. By abusing a covert outbound channel in ChatGPT’s isolated code execution environment, attackers could The post ChatGPT Vulnerability Let Attackers Silently Exfiltrate User Prompts and Other Sensitive Data appeared first on Cyber Security News.

Red Hat has issued a critical security warning regarding malicious code discovered in recent versions of the “xz” compression tools and libraries. Tracked as CVE-2024-3094, this highly sophisticated supply chain compromise could allow threat actors to bypass authentication and gain unauthorized remote access to affected Linux systems. The xz utility is a fundamental data compression The post Red Hat Warns of Malware Code Embedded in Popular Linux Tool Allow Unauthorized Access to Systems appeared first on Cyber Security News.

A newly analyzed local privilege escalation vulnerability in the Windows Error Reporting (WER) service allows attackers to easily gain full SYSTEM access. The flaw, tracked as CVE-2026-20817, was considered so structurally dangerous that Microsoft completely removed the vulnerable feature rather than attempting a traditional code patch.​ The security flaw exists within the main executable library The post New Windows Error Reporting Vulnerability Lets Attackers Escalate to Gain SYSTEM Access appeared first on Cyber Security News.

A critical vulnerability in Craft CMS (CVE-2025-32432) has been added to the Known Exploited Vulnerabilities catalog following confirmed active exploitation in the wild. Security teams and system administrators are advised to address this issue immediately to prevent severe network compromises. The vulnerability is a severe code injection flaw, categorized under CWE-94, which involves improper control The post CISA Warns of Craft CMS Code Injection Vulnerability Exploited in Attacks appeared first on Cyber Security News.

An urgent warning highlights a critical zero-day in Cisco products, now added to the CISA Known Exploited Vulnerabilities Catalog after active exploitation in ransomware campaigns. Network defenders and security administrators are urged to take immediate action. The rapid exploitation of this vulnerability by financially motivated threat actors highlights the severe risk it poses to enterprise The post CISA Warns of Cisco Secure Firewall Management Center 0-Day Exploited in Ransomware Attacks appeared first on Cyber Security News.