A new vulnerability with increased severity was disclosed for Google Chrome (CVE-2026-3909) https://vuldb.com/?id.350787

Two Newly Discovered Chrome Zero-Days Exploited in the Wild to Run Malicious Code

Google has released an urgent security update for its Chrome desktop browser to address two critical zero-day vulnerabilities. Tracked as CVE-2026-3909 and CVE-2026-3910, both flaws are categorized as high-severity and are confirmed to be actively exploited by attackers in the wild. Users are strongly advised to update their browsers immediately to protect against potential malicious […]

The post Two Newly Discovered Chrome Zero-Days Exploited in the Wild to Run Malicious Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

A severe vulnerability was disclosed for Google Chrome (CVE-2026-3910) https://vuldb.com/?id.350788

Two Newly Discovered Chrome Zero-Days Exploited in the Wild to Run Malicious Code

Google has released an urgent security update for its Chrome desktop browser to address two critical zero-day vulnerabilities. Tracked as CVE-2026-3909 and CVE-2026-3910, both flaws are categorized as high-severity and are confirmed to be actively exploited by attackers in the wild. Users are strongly advised to update their browsers immediately to protect against potential malicious […]

The post Two Newly Discovered Chrome Zero-Days Exploited in the Wild to Run Malicious Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

US agencies face a CISA deadline to secure networks after a critical Cisco SD-WAN flaw (CVE-2026-20127) exposed federal systems to long-term intrusion and admin access.

Read: https://hackread.com/us-agencies-cisa-deadline-critical-cisco-sd-wan-flaw/

#CyberSecurity #Cisco #SDWAN #CISA #Vulnerability

Check your #Cisco #SDWAN deployments about Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20127

How to mitigate #vulnerabilities in Cisco SD-WAN Systems can be found here: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems

#WordPress und die PlugIn Hölle. 😵‍💫

"The plugin is used on over 400,000 WordPress sites." 😭

"An unauthenticated SQL injection flaw, tracked as CVE-2026-2413 (CVSS score 7.5), in Ally plugin could allow attackers to steal sensitive data. The offensive security engineer Drew Webber at Acquia discovered the vulnerability on February 4, 2026."

CVE-2026-2413 (CVSS score 7.5)

"Users are urged to update to Ally version 4.1.0 to mitigate the risk."

https://securityaffairs.com/189354/security/critical-sql-injection-bug-in-ally-plugin-threatens-400000-wordpress-sites.html

#WordPress

Over 200,000 #WordPress sites are exposed due to an SQL injection flaw in the Ally plugin (CVE-2026-2413), allowing attackers to extract database data. Patch released, but many sites remain vulnerable.

Read: https://hackread.com/sql-injection-vulnerability-ally-wordpress-plugin/

#CyberSecurity #SQLInjection #Vulnerability

⚠️ CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

｢ The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution. The security shortcoming was patched by n8n in December 2025 in versions 1.120.4, 1.121.1, and 1.122.0. CVE-2025-68613 is the first n8n vulnerability to be placed in the KEV catalog ｣
https://thehackernews.com/2026/03/cisa-flags-actively-exploited-n8n-rce.html

#n8n #cisa #rce #cybersecurity

Critical Splunk RCE Vulnerability (CVE-2026–20163) Lets Attackers Run Shell Commands on Your Server
The discovered vulnerability is a Remote Code Execution (RCE) in Splunk, a popular data processing software. The flaw stems from insufficient input validation in the application's search interface. By constructing a crafted search query, an attacker can exploit the vulnerability and execute arbitrary shell commands on the target server. Specifically, an attacker can utilize the 'enableJavaScript' and 'enableCookies' search commands to trigger the RCE. When the search interface receives a request, it inadvertently executes JavaScript provided by the attacker, enabling further exploitation. The impact of this vulnerability is severe, as it allows unauthorized execution of commands with the privileges of the Splunk user, potentially leading to data breaches or unauthorized access. The researcher received a $15,000 bounty from Splunk for reporting this critical issue. To remediate, Splunk suggests implementing input validation and sanitization for user-supplied search queries. Key lesson: Always validate user inputs to prevent RCE attacks. #BugBounty #Cybersecurity #RCE #Splunk #InputValidation

https://medium.com/@EternalSec/critical-splunk-rce-vulnerability-cve-2026-20163-lets-attackers-run-shell-commands-on-your-server-244fcbe3497d?source=rss------bug_bounty-5

Traefik v2.11.40 is out! It includes a CRITICAL security fix for CVE-2026-27141. Update your instances NOW to keep your self-hosted setup secure! Also bumps Docker & Golang dependencies.

https://github.com/traefik/traefik/releases/tag/v2.11.40

#selfhosted #homelab