Rogue Agent: Critical GCP Dialogflow Flaw Let Attackers Inject Malicious Code Into AI Chatbots
Varonis Threat Labs disclosed a critical Dialogflow CX flaw, dubbed Rogue Agent, that let attackers with a single edit permission inject persistent malicious code into shared chatbot execution...
GitLost: How a Single GitHub Issue Can Trick AI Agents Into Leaking Private Repos
Researchers at Noma Labs disclosed GitLost, a prompt-injection flaw that let a single crafted GitHub Issue trick AI-powered Agentic Workflows into leaking private repository contents publicly, using a...
Tenda Router Backdoor (CVE-2026-11405) Lets Attackers Skip Login and Seize Full Admin Control
A hardcoded authentication backdoor in Tenda FH1201, W15E, AC10, AC5, and AC6 routers (CVE-2026-11405) lets attackers log in as admin with any username. The undocumented flaw sits in...
Januscape: 16-Year-Old Linux KVM Flaw (CVE-2026-53359) Lets Malicious VMs Corrupt Host Kernel Memory
A 16-year-old flaw in Linux KVM, tracked as CVE-2026-53359 and dubbed Januscape, lets a malicious guest VM corrupt host kernel memory via a use-after-free in the shadow MMU's...
Critical BeyondTrust Flaws (CVSS 9.2) in Remote Support and PRA Let Attackers Bypass Access Controls
BeyondTrust disclosed critical flaws (advisory BT26-03, CVSS 9.2) in Remote Support and Privileged Remote Access that let limited-privilege users bypass access controls. Cloud customers were auto-patched in April...
New “Bad Epoll” Linux Zero-Day Lets Local Users Root Servers and Android Devices
A newly disclosed Linux kernel flaw dubbed “Bad Epoll” (CVE-2026-46242) lets a local, unprivileged user escalate to root on Linux servers, desktops, and Android devices via a use-after-free...
Seven New CVEs in FatFs Filesystem Driver Put Millions of Embedded and IoT Devices at Risk
runZero has disclosed seven new CVEs in FatFs, the FAT/exFAT filesystem driver used across ESP-IDF, STM32Cube, Zephyr, MicroPython, and countless other embedded platforms. The bugs range from CVSS...
Apache ActiveMQ Patches Three Vulnerabilities Enabling DoS, Data Leakage, and Privilege Escalation
Apache ActiveMQ users should urgently patch three newly disclosed vulnerabilities — CVE-2026-53917, CVE-2026-54475, and CVE-2026-49877 — that can crash brokers, break temporary-destination isolation, and let low-privilege Web Console...