Secure Bulletin Navigating the cyber sea with knowledge
Home > Categoria > Vulnerability
Latest news

Rogue Agent: Critical GCP Dialogflow Flaw Let Attackers Inject Malicious Code Into AI Chatbots

8 July 2026  |  dark6  |  Vulnerability

Varonis Threat Labs disclosed a critical Dialogflow CX flaw, dubbed Rogue Agent, that let attackers with a single edit permission inject persistent malicious code into shared chatbot execution...

>> read more

GitLost: How a Single GitHub Issue Can Trick AI Agents Into Leaking Private Repos

8 July 2026  |  dark6  |  Vulnerability

Researchers at Noma Labs disclosed GitLost, a prompt-injection flaw that let a single crafted GitHub Issue trick AI-powered Agentic Workflows into leaking private repository contents publicly, using a...

>> read more

Tenda Router Backdoor (CVE-2026-11405) Lets Attackers Skip Login and Seize Full Admin Control

7 July 2026  |  dark6  |  Vulnerability

A hardcoded authentication backdoor in Tenda FH1201, W15E, AC10, AC5, and AC6 routers (CVE-2026-11405) lets attackers log in as admin with any username. The undocumented flaw sits in...

>> read more

Januscape: 16-Year-Old Linux KVM Flaw (CVE-2026-53359) Lets Malicious VMs Corrupt Host Kernel Memory

7 July 2026  |  dark6  |  Vulnerability

A 16-year-old flaw in Linux KVM, tracked as CVE-2026-53359 and dubbed Januscape, lets a malicious guest VM corrupt host kernel memory via a use-after-free in the shadow MMU's...

>> read more

Critical BeyondTrust Flaws (CVSS 9.2) in Remote Support and PRA Let Attackers Bypass Access Controls

7 July 2026  |  dark6  |  Vulnerability

BeyondTrust disclosed critical flaws (advisory BT26-03, CVSS 9.2) in Remote Support and Privileged Remote Access that let limited-privilege users bypass access controls. Cloud customers were auto-patched in April...

>> read more

New “Bad Epoll” Linux Zero-Day Lets Local Users Root Servers and Android Devices

6 July 2026  |  dark6  |  Vulnerability

A newly disclosed Linux kernel flaw dubbed “Bad Epoll” (CVE-2026-46242) lets a local, unprivileged user escalate to root on Linux servers, desktops, and Android devices via a use-after-free...

>> read more

Seven New CVEs in FatFs Filesystem Driver Put Millions of Embedded and IoT Devices at Risk

6 July 2026  |  dark6  |  Vulnerability

runZero has disclosed seven new CVEs in FatFs, the FAT/exFAT filesystem driver used across ESP-IDF, STM32Cube, Zephyr, MicroPython, and countless other embedded platforms. The bugs range from CVSS...

>> read more

Apache ActiveMQ Patches Three Vulnerabilities Enabling DoS, Data Leakage, and Privilege Escalation

6 July 2026  |  dark6  |  Vulnerability

Apache ActiveMQ users should urgently patch three newly disclosed vulnerabilities — CVE-2026-53917, CVE-2026-54475, and CVE-2026-49877 — that can crash brokers, break temporary-destination isolation, and let low-privilege Web Console...

>> read more