<?xml version='1.0' encoding='UTF-8'?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>InfoSecRadar — Vulnerabilities &amp; Exploits</title>
    <link>https://infosecradar.com/feeds/vulnerabilities.xml</link>
    <description>Vulnerabilities &amp; Exploits stories from InfoSecRadar</description>
    <atom:link href="https://infosecradar.com/feeds/vulnerabilities.xml" rel="self"/>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>InfoSecRadar</generator>
    <language>en</language>
    <lastBuildDate>Fri, 17 Jul 2026 14:10:19 +0000</lastBuildDate>
    <item>
      <title>CISA warns admins to patch actively exploited SharePoint flaws</title>
      <link>https://infosecradar.com/stories/2026/07/15/cisa-warns-admins-to-patch-actively-exploited-sharepoint-flaws/</link>
      <description>CISA has issued a warning regarding three actively exploited vulnerabilities in on-premises SharePoint Server instances. Administrators are urged to patch these flaws immediately to prevent further exploitation by attackers.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/cisa-warns-admins-to-patch-actively-exploited-sharepoint-flaws/</guid>
      <pubDate>Wed, 15 Jul 2026 09:44:52 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/cisa-warns-admins-to-patch-actively-exploited-sharepoint-flaws/">Bleeping Computer</source>
    </item>
    <item>
      <title>Progress Confirms Zero-Day Vulnerability Behind ShareFile Disruption</title>
      <link>https://infosecradar.com/stories/2026/07/15/progress-confirms-zero-day-vulnerability-behind-sharefile-disruption/</link>
      <description>Progress has confirmed a zero-day vulnerability is the cause of recent disruptions affecting its ShareFile service. The company has released a patch and is working to restore access for affected Storage Zones Controller customers who apply the fix.</description>
      <guid isPermaLink="false">https://www.securityweek.com/progress-confirms-zero-day-vulnerability-behind-sharefile-disruption/</guid>
      <pubDate>Wed, 15 Jul 2026 09:48:29 +0000</pubDate>
      <source url="https://www.securityweek.com/progress-confirms-zero-day-vulnerability-behind-sharefile-disruption/">SecurityWeek</source>
    </item>
    <item>
      <title>Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution</title>
      <link>https://infosecradar.com/stories/2026/07/15/cursor-flaw-lets-malicious-cloned-repositories-trigger-windows-code-execution/</link>
      <description>A critical flaw has been discovered in the Cursor code editor that allows malicious cloned repositories to execute arbitrary code on Windows. If a repository contains a file named 'git.exe' in its root directory, Cursor will automatically run it without any user interaction, potentially exposing sensitive data and credentials.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/cursor-flaw-lets-malicious-cloned.html</guid>
      <pubDate>Wed, 15 Jul 2026 10:55:22 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/cursor-flaw-lets-malicious-cloned.html">The Hacker News</source>
    </item>
    <item>
      <title>Vulnerabilities Patched by Fortinet, Ivanti, ServiceNow</title>
      <link>https://infosecradar.com/stories/2026/07/15/vulnerabilities-patched-by-fortinet-ivanti-servicenow/</link>
      <description>Fortinet, Ivanti, and ServiceNow have released patches for critical vulnerabilities. A significant flaw in ServiceNow's AI platform could enable remote attackers to execute arbitrary code.</description>
      <guid isPermaLink="false">https://www.securityweek.com/vulnerabilities-patched-by-fortinet-ivanti-servicenow/</guid>
      <pubDate>Wed, 15 Jul 2026 11:02:57 +0000</pubDate>
      <source url="https://www.securityweek.com/vulnerabilities-patched-by-fortinet-ivanti-servicenow/">SecurityWeek</source>
    </item>
    <item>
      <title>Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday</title>
      <link>https://infosecradar.com/stories/2026/07/15/researcher-drops-new-windows-zero-day-poc-hours-after-microsoft-patch-tuesday/</link>
      <description>A security researcher has released a proof-of-concept exploit for a new Windows zero-day vulnerability called LegacyHive. This vulnerability allows for arbitrary hive load elevation of privileges within the Windows User Profile Service, a critical system component.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/researcher-drops-new-windows-zero-day.html</guid>
      <pubDate>Wed, 15 Jul 2026 11:07:07 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/researcher-drops-new-windows-zero-day.html">The Hacker News</source>
    </item>
    <item>
      <title>CISA Adds Two Known Exploited Vulnerabilities to Catalog</title>
      <link>https://infosecradar.com/stories/2026/07/15/cisa-adds-two-known-exploited-vulnerabilities-to-catalog/</link>
      <description>CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, specifically CVE-2023-4346 and CVE-2026-46817, due to evidence of active exploitation. The article emphasizes the importance of the KEV Catalog for federal agencies in prioritizing security updates based on risk, as mandated by Binding Operational Directive (BOD) 26-04, and encourages all organizations to adopt similar risk-based vulnerability management practices.</description>
      <guid isPermaLink="false">https://www.cisa.gov/news-events/alerts/2026/07/15/cisa-adds-two-known-exploited-vulnerabilities-catalog</guid>
      <pubDate>Wed, 15 Jul 2026 12:00:00 +0000</pubDate>
      <source url="https://www.cisa.gov/news-events/alerts/2026/07/15/cisa-adds-two-known-exploited-vulnerabilities-catalog">CISA Alerts</source>
    </item>
    <item>
      <title>New bugs in Claude for Chrome allow extensions to abuse AI privileges</title>
      <link>https://infosecradar.com/stories/2026/07/15/new-bugs-in-claude-for-chrome-allow-extensions-to-abuse-ai-privileges/</link>
      <description>Researchers have discovered two vulnerabilities in the Claude for Chrome extension that allow malicious browser extensions to trigger privileged actions, such as reading Gmail messages and Google Docs content. These flaws remain exploitable months after being reported, with the affected code appearing unchanged in recent versions.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4197325/new-bugs-in-claude-for-chrome-allow-extensions-to-abuse-ai-privileges.html</guid>
      <pubDate>Wed, 15 Jul 2026 12:06:36 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4197325/new-bugs-in-claude-for-chrome-allow-extensions-to-abuse-ai-privileges.html">CSO Online</source>
    </item>
    <item>
      <title>New Windows Bind Link techniques let attackers evade EDR, security controls</title>
      <link>https://infosecradar.com/stories/2026/07/15/new-windows-bind-link-techniques-let-attackers-evade-edr-security-controls/</link>
      <description>Attackers are leveraging new techniques that abuse Windows Bind Links, a legitimate filesystem virtualization capability, to evade detection by endpoint security tools like EDR, AMSI, and AppLocker. Bitdefender researchers identified three methods – File Binding, Process-Binding, and Silo-Binding – that redirect trusted file paths to malicious ones, allowing malware to execute undetected.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4197184/new-windows-bind-link-techniques-let-attackers-evade-edr-security-controls.html</guid>
      <pubDate>Wed, 15 Jul 2026 13:00:00 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4197184/new-windows-bind-link-techniques-let-attackers-evade-edr-security-controls.html">CSO Online</source>
    </item>
    <item>
      <title>2-Click Cursor Exploit Enables Dev Environment Takeover</title>
      <link>https://infosecradar.com/stories/2026/07/15/2-click-cursor-exploit-enables-dev-environment-takeover/</link>
      <description>A newly discovered "2-click cursor exploit" leverages fundamental, age-old bugs within development environments to grant attackers access to sensitive developer secrets and source code. This vulnerability can lead to a full takeover of the development environment, posing a significant risk to intellectual property and software integrity.</description>
      <guid isPermaLink="false">https://www.darkreading.com/application-security/2-click-cursor-exploit-dev-environment-takeover</guid>
      <pubDate>Wed, 15 Jul 2026 13:00:00 +0000</pubDate>
      <source url="https://www.darkreading.com/application-security/2-click-cursor-exploit-dev-environment-takeover">Dark Reading</source>
    </item>
    <item>
      <title>Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws</title>
      <link>https://infosecradar.com/stories/2026/07/15/firefox-chrome-adobe-and-vmware-updates-fix-multiple-critical-security-flaws/</link>
      <description>Mozilla has released updates for Firefox to fix two critical security vulnerabilities. The company has warned that exploit code for these flaws is publicly available.  One vulnerability affects the WebAssembly component, while the other impacts the DOM navigation.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/firefox-chrome-adobe-and-vmware-updates.html</guid>
      <pubDate>Wed, 15 Jul 2026 13:18:53 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/firefox-chrome-adobe-and-vmware-updates.html">The Hacker News</source>
    </item>
    <item>
      <title>We built a vulnerability vending machine: AI tokens in, zero-days out</title>
      <link>https://infosecradar.com/stories/2026/07/15/we-built-a-vulnerability-vending-machine-ai-tokens-in-zero-days-out/</link>
      <description>Intruder has developed an AI-powered system, dubbed a "vulnerability vending machine," that automates the discovery of complex software vulnerabilities by integrating code slicing with large language models. The system successfully identified and exploited a previously unknown zero-day vulnerability in a WordPress plugin, with further discoveries being disclosed responsibly.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/we-built-a-vulnerability-vending-machine-ai-tokens-in-zero-days-out/</guid>
      <pubDate>Wed, 15 Jul 2026 14:01:11 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/we-built-a-vulnerability-vending-machine-ai-tokens-in-zero-days-out/">Bleeping Computer</source>
    </item>
    <item>
      <title>CISA Urges Immediate Patching of Exploited SharePoint Vulnerabilities</title>
      <link>https://infosecradar.com/stories/2026/07/15/cisa-urges-immediate-patching-of-exploited-sharepoint-vulnerabilities/</link>
      <description>CISA has issued a warning urging immediate patching of exploited SharePoint vulnerabilities. Three specific vulnerabilities are confirmed to be under active attack, with two of them being zero-day exploits.</description>
      <guid isPermaLink="false">https://www.securityweek.com/cisa-urges-immediate-patching-of-exploited-sharepoint-vulnerabilities/</guid>
      <pubDate>Wed, 15 Jul 2026 14:07:44 +0000</pubDate>
      <source url="https://www.securityweek.com/cisa-urges-immediate-patching-of-exploited-sharepoint-vulnerabilities/">SecurityWeek</source>
    </item>
    <item>
      <title>Unpatched Cursor Vulnerability Exposes Users to Code Execution</title>
      <link>https://infosecradar.com/stories/2026/07/15/unpatched-cursor-vulnerability-exposes-users-to-code-execution/</link>
      <description>A vulnerability in the Cursor code editor allows attackers to execute arbitrary code by creating a malicious repository with a git.exe file in the project root. Cursor automatically executes this file, leading to potential code execution on the user's system.</description>
      <guid isPermaLink="false">https://www.securityweek.com/unpatched-cursor-vulnerability-exposes-users-to-code-execution/</guid>
      <pubDate>Wed, 15 Jul 2026 14:37:13 +0000</pubDate>
      <source url="https://www.securityweek.com/unpatched-cursor-vulnerability-exposes-users-to-code-execution/">SecurityWeek</source>
    </item>
    <item>
      <title>CISA sounds alarm over trio of exploited SharePoint flaws</title>
      <link>https://infosecradar.com/stories/2026/07/15/cisa-sounds-alarm-over-trio-of-exploited-sharepoint-flaws/</link>
      <description>CISA has issued a warning about three actively exploited vulnerabilities in Microsoft SharePoint. Two of these flaws are rated as critical and could lead to further exploitation. Organizations are urged to apply patches immediately to mitigate the risks.</description>
      <guid isPermaLink="false">https://www.theregister.com/security/2026/07/15/cisa-sounds-alarm-over-trio-of-exploited-sharepoint-flaws/5271814</guid>
      <pubDate>Wed, 15 Jul 2026 15:21:58 +0000</pubDate>
      <source url="https://www.theregister.com/security/2026/07/15/cisa-sounds-alarm-over-trio-of-exploited-sharepoint-flaws/5271814">The Register (Security)</source>
    </item>
    <item>
      <title>Claude Flaw Automatically Sends Malicious Prompts to AI Agents</title>
      <link>https://infosecradar.com/stories/2026/07/15/claude-flaw-automatically-sends-malicious-prompts-to-ai-agents/</link>
      <description>A vulnerability in Anthropic's Claude AI model, dubbed "PromptFiction," could allow malicious prompts to be automatically sent to AI agents. When combined with another exploit, this flaw could have enabled an end-to-end attack on a targeted system. The vulnerability has since been fixed.</description>
      <guid isPermaLink="false">https://www.darkreading.com/vulnerabilities-threats/claude-flaw-malicious-prompts-ai-agents</guid>
      <pubDate>Wed, 15 Jul 2026 15:27:35 +0000</pubDate>
      <source url="https://www.darkreading.com/vulnerabilities-threats/claude-flaw-malicious-prompts-ai-agents">Dark Reading</source>
    </item>
    <item>
      <title>Windows 0-day drops the same day Microsoft releases record number of patches</title>
      <link>https://infosecradar.com/stories/2026/07/15/windows-0-day-drops-the-same-day-microsoft-releases-record-number-of-patches/</link>
      <description>Microsoft has released a record number of patches for its operating systems and other products, addressing 76 vulnerabilities. Concurrently, a zero-day exploit dubbed HiveLegacy has surfaced, which researchers describe as a powerful primitive with the potential for further malicious activities.</description>
      <guid isPermaLink="false">https://arstechnica.com/security/2026/07/windows-0-day-drops-the-same-day-microsoft-releases-record-number-of-patches/</guid>
      <pubDate>Wed, 15 Jul 2026 19:59:48 +0000</pubDate>
      <source url="https://arstechnica.com/security/2026/07/windows-0-day-drops-the-same-day-microsoft-releases-record-number-of-patches/">Ars Technica (Security)</source>
    </item>
    <item>
      <title>Zoom warns of critical account takeover vulnerability</title>
      <link>https://infosecradar.com/stories/2026/07/15/zoom-warns-of-critical-account-takeover-vulnerability/</link>
      <description>Zoom has issued a warning about a critical vulnerability affecting its desktop client and SDK for Windows. Attackers can exploit this flaw to take over user accounts without authentication. This vulnerability requires users to have Zoom installed and be logged into an account on the affected platform.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/zoom-warns-of-critical-account-takeover-vulnerability/</guid>
      <pubDate>Wed, 15 Jul 2026 20:16:02 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/zoom-warns-of-critical-account-takeover-vulnerability/">Bleeping Computer</source>
    </item>
    <item>
      <title>Forgotten Bootloaders Expose Secure Boot Blind Spot</title>
      <link>https://infosecradar.com/stories/2026/07/15/forgotten-bootloaders-expose-secure-boot-blind-spot/</link>
      <description>Attackers have exploited a vulnerability in UEFI shim bootloaders, allowing them to bypass Secure Boot protections for years. Nearly a dozen of these vulnerable bootloaders were revoked, but their prior trust created a security blind spot.</description>
      <guid isPermaLink="false">https://www.darkreading.com/cyber-risk/forgotten-bootloaders-expose-secure-boot-blind-spot</guid>
      <pubDate>Wed, 15 Jul 2026 21:19:19 +0000</pubDate>
      <source url="https://www.darkreading.com/cyber-risk/forgotten-bootloaders-expose-secure-boot-blind-spot">Dark Reading</source>
    </item>
    <item>
      <title>CVE-2026-25089: Fortinet FortiSandbox OS Command Injection Vulnerability</title>
      <link>https://infosecradar.com/stories/2026/07/16/cve-2026-25089-fortinet-fortisandbox-os-command-injection-vulnerability/</link>
      <description>A critical OS command injection vulnerability (CVE-2026-25089) has been identified in Fortinet FortiSandbox products. An unauthenticated attacker can exploit this flaw via crafted HTTP requests to execute unauthorized commands. Organizations are urged to apply vendor-provided mitigations and adhere to CISA's risk-based patching guidance.</description>
      <guid isPermaLink="false">https://nvd.nist.gov/vuln/detail/CVE-2026-25089</guid>
      <pubDate>Thu, 16 Jul 2026 00:00:00 +0000</pubDate>
      <source url="https://nvd.nist.gov/vuln/detail/CVE-2026-25089">CISA KEV</source>
    </item>
    <item>
      <title>CVE-2026-58644: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability</title>
      <link>https://infosecradar.com/stories/2026/07/16/cve-2026-58644-microsoft-sharepoint-deserialization-of-untrusted-data-vulnerabil/</link>
      <description>Microsoft SharePoint has a deserialization of untrusted data vulnerability that allows remote code execution by unauthorized attackers. Users are instructed to apply mitigations provided by the vendor, following CISA's guidance on prioritizing security updates and forensic triage requirements.</description>
      <guid isPermaLink="false">https://nvd.nist.gov/vuln/detail/CVE-2026-58644</guid>
      <pubDate>Thu, 16 Jul 2026 00:00:00 +0000</pubDate>
      <source url="https://nvd.nist.gov/vuln/detail/CVE-2026-58644">CISA KEV</source>
    </item>
    <item>
      <title>Trend Micro, Tanium, ESET and Tenable Patch Severe Product Vulnerabilities</title>
      <link>https://infosecradar.com/stories/2026/07/16/trend-micro-tanium-eset-and-tenable-patch-severe-product-vulnerabilities/</link>
      <description>Leading cybersecurity firms Trend Micro, Tanium, ESET, and Tenable have all released patches for critical and high-severity vulnerabilities discovered within their respective products. These patches address security flaws that could have put users' systems at risk.</description>
      <guid isPermaLink="false">https://www.securityweek.com/trend-micro-tanium-eset-and-tenable-patch-severe-product-vulnerabilities/</guid>
      <pubDate>Thu, 16 Jul 2026 06:08:08 +0000</pubDate>
      <source url="https://www.securityweek.com/trend-micro-tanium-eset-and-tenable-patch-severe-product-vulnerabilities/">SecurityWeek</source>
    </item>
    <item>
      <title>Nightmare Eclipse Drops ‘LegacyHive’ Windows Zero-Day</title>
      <link>https://infosecradar.com/stories/2026/07/16/nightmare-eclipse-drops-legacyhive-windows-zero-day/</link>
      <description>A researcher has disclosed a Windows zero-day vulnerability named 'LegacyHive' following the 'Nightmare Eclipse' operation. The proof-of-concept exploit has been intentionally limited to prevent immediate widespread exploitation.</description>
      <guid isPermaLink="false">https://www.securityweek.com/nightmare-eclipse-drops-legacyhive-windows-zero-day/</guid>
      <pubDate>Thu, 16 Jul 2026 06:48:40 +0000</pubDate>
      <source url="https://www.securityweek.com/nightmare-eclipse-drops-legacyhive-windows-zero-day/">SecurityWeek</source>
    </item>
    <item>
      <title>Flaw surge fuels need for CISOs to rethink vulnerability management</title>
      <link>https://infosecradar.com/stories/2026/07/16/flaw-surge-fuels-need-for-cisos-to-rethink-vulnerability-management/</link>
      <description>Security experts are urging organizations to adopt "just in time" patching and re-evaluate their vulnerability management strategies due to an increasing rate of vulnerability exploitation, which is being amplified by AI tools. The surge in AI-driven vulnerability discovery threatens to overwhelm existing patching processes, exacerbating the gap between vulnerability identification and remediation.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4196435/flaw-surge-fuels-need-for-cisos-to-rethink-vulnerability-management.html</guid>
      <pubDate>Thu, 16 Jul 2026 07:00:00 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4196435/flaw-surge-fuels-need-for-cisos-to-rethink-vulnerability-management.html">CSO Online</source>
    </item>
    <item>
      <title>Zoom Patches Critical Windows Flaw That Could Enable Account Takeover</title>
      <link>https://infosecradar.com/stories/2026/07/16/zoom-patches-critical-windows-flaw-that-could-enable-account-takeover/</link>
      <description>Zoom has released security updates for a critical vulnerability in its Windows client that could allow attackers to take over user accounts. The flaw, CVE-2026-53412, is rated with a CVSS score of 9.8 and affects multiple Zoom Windows applications.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/zoom-patches-critical-windows-flaw-that.html</guid>
      <pubDate>Thu, 16 Jul 2026 07:22:44 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/zoom-patches-critical-windows-flaw-that.html">The Hacker News</source>
    </item>
    <item>
      <title>Old UEFI Shims Expose Systems to Secure Boot Bypass</title>
      <link>https://infosecradar.com/stories/2026/07/16/old-uefi-shims-expose-systems-to-secure-boot-bypass/</link>
      <description>Vulnerable UEFI shim bootloaders, signed by Microsoft, can be exploited to bypass Secure Boot on any operating system. This vulnerability allows attackers to potentially load malicious code during the boot process, undermining system integrity.</description>
      <guid isPermaLink="false">https://www.securityweek.com/old-uefi-shims-expose-systems-to-secure-boot-bypass/</guid>
      <pubDate>Thu, 16 Jul 2026 07:59:22 +0000</pubDate>
      <source url="https://www.securityweek.com/old-uefi-shims-expose-systems-to-secure-boot-bypass/">SecurityWeek</source>
    </item>
    <item>
      <title>F5 Patches Multiple NGINX, BIG-IP Vulnerabilities</title>
      <link>https://infosecradar.com/stories/2026/07/16/f5-patches-multiple-nginx-big-ip-vulnerabilities/</link>
      <description>F5 has released patches for multiple vulnerabilities affecting its NGINX and BIG-IP products. Attackers could exploit these flaws to modify configurations, terminate or restart processes, bypass security controls, leak memory, and execute arbitrary code.</description>
      <guid isPermaLink="false">https://www.securityweek.com/f5-patches-multiple-nginx-big-ip-vulnerabilities/</guid>
      <pubDate>Thu, 16 Jul 2026 09:20:10 +0000</pubDate>
      <source url="https://www.securityweek.com/f5-patches-multiple-nginx-big-ip-vulnerabilities/">SecurityWeek</source>
    </item>
    <item>
      <title>Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide</title>
      <link>https://infosecradar.com/stories/2026/07/16/unpatched-shark-vacuum-flaw-could-let-attackers-control-other-vacuums-region-wid/</link>
      <description>A critical vulnerability in Shark robot vacuums allows attackers to remotely control other vacuums in the same AWS region by extracting the device's certificate. Exploiting this flaw enables attackers to access the vacuum's camera, control its movement, read house maps, and steal Wi-Fi credentials.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/unpatched-shark-vacuum-flaw-could-let.html</guid>
      <pubDate>Thu, 16 Jul 2026 09:23:19 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/unpatched-shark-vacuum-flaw-could-let.html">The Hacker News</source>
    </item>
    <item>
      <title>Splunk, Zoom Patch Critical Vulnerabilities</title>
      <link>https://infosecradar.com/stories/2026/07/16/splunk-zoom-patch-critical-vulnerabilities/</link>
      <description>Splunk and Zoom have released patches for critical vulnerabilities that could allow attackers to gain unauthorized access to credentials and data, take over accounts, and escalate privileges. These flaws pose a significant risk to organizations using these platforms.</description>
      <guid isPermaLink="false">https://www.securityweek.com/splunk-zoom-patch-critical-vulnerabilities/</guid>
      <pubDate>Thu, 16 Jul 2026 10:54:34 +0000</pubDate>
      <source url="https://www.securityweek.com/splunk-zoom-patch-critical-vulnerabilities/">SecurityWeek</source>
    </item>
    <item>
      <title>CISA orders feds to patch actively exploited Oracle flaw by Saturday</title>
      <link>https://infosecradar.com/stories/2026/07/16/cisa-orders-feds-to-patch-actively-exploited-oracle-flaw-by-saturday/</link>
      <description>CISA has issued a directive ordering federal agencies to patch a critical vulnerability in Oracle E-Business Suite by Saturday due to active exploitation. This vulnerability affects the financial application and poses a significant risk to sensitive government data and operations.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-oracle-flaw-by-saturday/</guid>
      <pubDate>Thu, 16 Jul 2026 10:56:03 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-oracle-flaw-by-saturday/">Bleeping Computer</source>
    </item>
    <item>
      <title>Windows 10 refuses to die, and the security bill is coming due</title>
      <link>https://infosecradar.com/stories/2026/07/16/windows-10-refuses-to-die-and-the-security-bill-is-coming-due/</link>
      <description>Despite reaching its end of support in October 2025, a significant portion of Windows 10 machines remain unmigrated. This continued reliance on an unsupported operating system poses a substantial security risk, as these systems will no longer receive critical security patches.</description>
      <guid isPermaLink="false">https://www.theregister.com/os-platforms/2026/07/16/windows-10-refuses-to-die-and-the-security-bill-is-coming-due/5271987</guid>
      <pubDate>Thu, 16 Jul 2026 11:25:20 +0000</pubDate>
      <source url="https://www.theregister.com/os-platforms/2026/07/16/windows-10-refuses-to-die-and-the-security-bill-is-coming-due/5271987">The Register (Security)</source>
    </item>
    <item>
      <title>AutomationDirect Productivity Suite</title>
      <link>https://infosecradar.com/stories/2026/07/16/automationdirect-productivity-suite/</link>
      <description>AutomationDirect Productivity Suite versions prior to v4.6.2.2 are vulnerable to multiple security flaws including out-of-bounds writes, out-of-bounds reads, and divide-by-zero errors. Successful exploitation could allow a local attacker with physical access to cause memory corruption, information disclosure, application instability, or denial-of-service conditions.</description>
      <guid isPermaLink="false">https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04</guid>
      <pubDate>Thu, 16 Jul 2026 12:00:00 +0000</pubDate>
      <source url="https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04">CISA Alerts</source>
    </item>
    <item>
      <title>Rockwell Automation CompactLogix, ControlLogix, Compact GuardLogix and GuardLogix</title>
      <link>https://infosecradar.com/stories/2026/07/16/rockwell-automation-compactlogix-controllogix-compact-guardlogix-and-guardlogix/</link>
      <description>CISA has issued an alert regarding multiple vulnerabilities in Rockwell Automation's CompactLogix, ControlLogix, Compact GuardLogix, and GuardLogix systems. Successful exploitation could lead to a denial-of-service condition.</description>
      <guid isPermaLink="false">https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-06</guid>
      <pubDate>Thu, 16 Jul 2026 12:00:00 +0000</pubDate>
      <source url="https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-06">CISA Alerts</source>
    </item>
    <item>
      <title>Siemens SICAM 8</title>
      <link>https://infosecradar.com/stories/2026/07/16/siemens-sicam-8/</link>
      <description>Siemens SICAM 8 products are affected by multiple vulnerabilities, including an active debug code, initialization of a resource with an insecure default, and unverified password change. These flaws could allow an authenticated attacker to cause denial of service conditions by crashing the web process. Siemens has released updated versions to address these vulnerabilities.</description>
      <guid isPermaLink="false">https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-05</guid>
      <pubDate>Thu, 16 Jul 2026 12:00:00 +0000</pubDate>
      <source url="https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-05">CISA Alerts</source>
    </item>
    <item>
      <title>Rockwell Automation Arena</title>
      <link>https://infosecradar.com/stories/2026/07/16/rockwell-automation-arena/</link>
      <description>Rockwell Automation Arena has several vulnerabilities, including out-of-bounds writes in the model.exe component, that could allow an attacker to execute arbitrary code. These vulnerabilities affect versions less than or equal to V17.00.00. Rockwell Automation recommends updating to V17.00.01 to mitigate these risks.</description>
      <guid isPermaLink="false">https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-01</guid>
      <pubDate>Thu, 16 Jul 2026 12:00:00 +0000</pubDate>
      <source url="https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-01">CISA Alerts</source>
    </item>
    <item>
      <title>Rockwell Automation FactoryTalk DataMosaix</title>
      <link>https://infosecradar.com/stories/2026/07/16/rockwell-automation-factorytalk-datamosaix/</link>
      <description>A Stored Cross-Site Scripting (XSS) vulnerability has been identified in Rockwell Automation FactoryTalk DataMosaix Private Cloud versions less than or equal to 8.02. Successful exploitation by an authenticated attacker could allow for the injection and permanent storage of malicious scripts on the server, leading to potential account takeover or credential theft when other users access affected pages.</description>
      <guid isPermaLink="false">https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-09</guid>
      <pubDate>Thu, 16 Jul 2026 12:00:00 +0000</pubDate>
      <source url="https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-09">CISA Alerts</source>
    </item>
    <item>
      <title>Rockwell Automation Flex 5000 Adapter</title>
      <link>https://infosecradar.com/stories/2026/07/16/rockwell-automation-flex-5000-adapter/</link>
      <description>Rockwell Automation Flex 5000 Adapter version 6.011 is affected by a denial-of-service vulnerability (CVE-2026-12659) due to improper handling of crafted CIP packets. Successful exploitation could lead to a denial-of-service condition requiring a power cycle to recover the module.</description>
      <guid isPermaLink="false">https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-08</guid>
      <pubDate>Thu, 16 Jul 2026 12:00:00 +0000</pubDate>
      <source url="https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-08">CISA Alerts</source>
    </item>
    <item>
      <title>Rockwell Automation 1756-EN2, 1756-EN3, and 1756-ENBT</title>
      <link>https://infosecradar.com/stories/2026/07/16/rockwell-automation-1756-en2-1756-en3-and-1756-enbt/</link>
      <description>Rockwell Automation's 1756-EN2, 1756-EN3, and 1756-ENBT communication modules are affected by a denial-of-service vulnerability due to improper validation of CIP Implicit Connection packets. An attacker could exploit this by sending crafted packets to disrupt device connections.</description>
      <guid isPermaLink="false">https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-02</guid>
      <pubDate>Thu, 16 Jul 2026 12:00:00 +0000</pubDate>
      <source url="https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-02">CISA Alerts</source>
    </item>
    <item>
      <title>SALTO ProAccess Space</title>
      <link>https://infosecradar.com/stories/2026/07/16/salto-proaccess-space/</link>
      <description>SALTO ProAccess Space software versions prior to 6.13 are vulnerable to a privilege escalation attack (CVE-2026-11889) if the partition feature is enabled. Successful exploitation by an authenticated attacker could allow access to spaces outside their assigned partition. A CVSS score of 6.5 has been assigned to this vulnerability.</description>
      <guid isPermaLink="false">https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-07</guid>
      <pubDate>Thu, 16 Jul 2026 12:00:00 +0000</pubDate>
      <source url="https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-07">CISA Alerts</source>
    </item>
    <item>
      <title>NASA Core Flight System (cFS) Health &amp; Safety (HS) Application</title>
      <link>https://infosecradar.com/stories/2026/07/16/nasa-core-flight-system-cfs-health-safety-hs-application/</link>
      <description>A NULL Pointer Dereference vulnerability has been identified in NASA's Core Flight System (cFS) Health &amp; Safety (HS) Application. Successful exploitation could allow an unauthenticated attacker to cause a denial-of-service condition by crashing the application.</description>
      <guid isPermaLink="false">https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-03</guid>
      <pubDate>Thu, 16 Jul 2026 12:00:00 +0000</pubDate>
      <source url="https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-03">CISA Alerts</source>
    </item>
    <item>
      <title>CISA Adds Three Known Exploited Vulnerabilities to Catalog</title>
      <link>https://infosecradar.com/stories/2026/07/16/cisa-adds-three-known-exploited-vulnerabilities-to-catalog/</link>
      <description>CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. These include two command injection vulnerabilities in Fortinet FortiSandbox OS and a deserialization vulnerability in Microsoft SharePoint. The update reinforces the importance of CISA's Binding Operational Directive (BOD) 26-04 for federal agencies to prioritize remediation of these high-risk vulnerabilities.</description>
      <guid isPermaLink="false">https://www.cisa.gov/news-events/alerts/2026/07/16/cisa-adds-three-known-exploited-vulnerabilities-catalog</guid>
      <pubDate>Thu, 16 Jul 2026 12:00:00 +0000</pubDate>
      <source url="https://www.cisa.gov/news-events/alerts/2026/07/16/cisa-adds-three-known-exploited-vulnerabilities-catalog">CISA Alerts</source>
    </item>
    <item>
      <title>CISA urges immediate SharePoint hardening as exploits mount</title>
      <link>https://infosecradar.com/stories/2026/07/16/cisa-urges-immediate-sharepoint-hardening-as-exploits-mount/</link>
      <description>CISA has issued an urgent warning and urged organizations to harden their Microsoft SharePoint deployments due to active exploitation of three vulnerabilities. These vulnerabilities, now listed on CISA's Known Exploited Vulnerabilities (KEV) catalog, pose a significant risk, especially for internet-facing instances, potentially allowing attackers initial access to enterprise environments.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4197775/cisa-urges-immediate-sharepoint-hardening-as-exploits-mount.html</guid>
      <pubDate>Thu, 16 Jul 2026 12:06:13 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4197775/cisa-urges-immediate-sharepoint-hardening-as-exploits-mount.html">CSO Online</source>
    </item>
    <item>
      <title>n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer</title>
      <link>https://infosecradar.com/stories/2026/07/16/n8n-token-exchange-flaw-could-let-attackers-log-in-as-users-from-another-issuer/</link>
      <description>The workflow automation platform n8n has a flaw in its token exchange mechanism. On enterprise instances configured with multiple token issuers, the platform incorrectly matches incoming JWTs to local users based solely on the 'sub' claim, ignoring the 'iss' claim. This allows a valid token from one issuer to log a user in as someone else if their 'sub' claim matches a user under a different issuer.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/n8n-token-exchange-flaw-could-let.html</guid>
      <pubDate>Thu, 16 Jul 2026 13:33:25 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/n8n-token-exchange-flaw-could-let.html">The Hacker News</source>
    </item>
    <item>
      <title>Zoom patches account takeover hole</title>
      <link>https://infosecradar.com/stories/2026/07/16/zoom-patches-account-takeover-hole/</link>
      <description>Zoom has patched a critical security vulnerability that could allow an unauthenticated user to take over accounts remotely. The company also addressed three other less severe privilege escalation flaws across various Zoom products for Windows. These patches are crucial given Zoom's widespread use in both personal and business environments.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4197962/zoom-patches-account-takeover-hole-2.html</guid>
      <pubDate>Thu, 16 Jul 2026 17:30:44 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4197962/zoom-patches-account-takeover-hole-2.html">CSO Online</source>
    </item>
    <item>
      <title>Claude Chrome extension flaw lets malicious extensions trigger AI actions</title>
      <link>https://infosecradar.com/stories/2026/07/16/claude-chrome-extension-flaw-lets-malicious-extensions-trigger-ai-actions/</link>
      <description>A flaw in Anthropic's Claude for Chrome browser extension could allow malicious extensions to trigger AI actions by simulating user clicks. This could enable attackers to abuse Claude's access to connected services like Gmail, Google Docs, Google Calendar, and Salesforce.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/claude-chrome-extension-flaw-lets-malicious-extensions-trigger-ai-actions/</guid>
      <pubDate>Thu, 16 Jul 2026 19:26:07 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/claude-chrome-extension-flaw-lets-malicious-extensions-trigger-ai-actions/">Bleeping Computer</source>
    </item>
    <item>
      <title>CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV</title>
      <link>https://infosecradar.com/stories/2026/07/17/cisa-adds-exploited-sharepoint-rce-zero-day-cve-2026-58644-to-kev/</link>
      <description>CISA has added a critical SharePoint Server remote code execution (RCE) vulnerability, CVE-2026-58644, to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies are mandated to apply the necessary patches by July 19, 2026.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/cisa-adds-exploited-sharepoint-rce-zero.html</guid>
      <pubDate>Fri, 17 Jul 2026 06:42:23 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/cisa-adds-exploited-sharepoint-rce-zero.html">The Hacker News</source>
    </item>
    <item>
      <title>CISA urges immediate action on actively exploited Fortinet flaws</title>
      <link>https://infosecradar.com/stories/2026/07/17/cisa-urges-immediate-action-on-actively-exploited-fortinet-flaws/</link>
      <description>CISA has issued a directive to government agencies, mandating the immediate patching of two critical vulnerabilities found in Fortinet's FortiSandbox threat detection platform. These vulnerabilities are reportedly being actively exploited, underscoring the urgency of the advisory.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/cisa-warns-feds-to-patch-exploited-fortinet-fortisandbox-flaws-by-sunday/</guid>
      <pubDate>Fri, 17 Jul 2026 07:03:33 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/cisa-warns-feds-to-patch-exploited-fortinet-fortisandbox-flaws-by-sunday/">Bleeping Computer</source>
    </item>
    <item>
      <title>Fresh SharePoint Vulnerability Exploited Soon After Disclosure</title>
      <link>https://infosecradar.com/stories/2026/07/17/fresh-sharepoint-vulnerability-exploited-soon-after-disclosure/</link>
      <description>A critical-severity security vulnerability in SharePoint has been disclosed and is already being exploited by attackers. The flaw allows authenticated remote attackers to execute arbitrary code on the server.</description>
      <guid isPermaLink="false">https://www.securityweek.com/fresh-sharepoint-vulnerability-exploited-soon-after-disclosure/</guid>
      <pubDate>Fri, 17 Jul 2026 07:15:59 +0000</pubDate>
      <source url="https://www.securityweek.com/fresh-sharepoint-vulnerability-exploited-soon-after-disclosure/">SecurityWeek</source>
    </item>
    <item>
      <title>Google fixing Android lock screen bug that lets Gemini send SMS without a PIN</title>
      <link>https://infosecradar.com/stories/2026/07/17/google-fixing-android-lock-screen-bug-that-lets-gemini-send-sms-without-a-pin/</link>
      <description>Google is addressing a vulnerability in Android's lock screen that allows the Gemini AI model to send SMS messages without requiring a PIN. A specific multi-touch gesture on the lock screen can bypass the authentication prompt, enabling unauthorized access to the messaging function.</description>
      <guid isPermaLink="false">https://www.theregister.com/security/2026/07/17/google-fixing-android-lock-screen-bug-that-lets-gemini-send-sms-without-a-pin/5273027</guid>
      <pubDate>Fri, 17 Jul 2026 09:15:00 +0000</pubDate>
      <source url="https://www.theregister.com/security/2026/07/17/google-fixing-android-lock-screen-bug-that-lets-gemini-send-sms-without-a-pin/5273027">The Register (Security)</source>
    </item>
    <item>
      <title>New Windows LegacyHive zero-day gives hackers admin privileges</title>
      <link>https://infosecradar.com/stories/2026/07/17/new-windows-legacyhive-zero-day-gives-hackers-admin-privileges/</link>
      <description>A new Windows zero-day exploit named LegacyHive has been publicly released by a security researcher. This exploit allows attackers to gain administrative privileges on patched Windows systems. The vulnerability is believed to affect specific Windows components and has been demonstrated to work on the latest Windows versions.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/new-windows-legacyhive-zero-day-exploit-grants-hackers-admin-access/</guid>
      <pubDate>Fri, 17 Jul 2026 11:05:30 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/new-windows-legacyhive-zero-day-exploit-grants-hackers-admin-access/">Bleeping Computer</source>
    </item>
    <item>
      <title>Attackers target critical FortiSandbox flaws as CISA issues patch order</title>
      <link>https://infosecradar.com/stories/2026/07/17/attackers-target-critical-fortisandbox-flaws-as-cisa-issues-patch-order/</link>
      <description>Attackers are actively exploiting critical vulnerabilities in Fortinet's FortiSandbox products, prompting CISA to issue a directive mandating patches. Researchers have identified abuse attempts targeting command injection flaws within these devices.</description>
      <guid isPermaLink="false">https://www.theregister.com/security/2026/07/17/attackers-target-critical-fortisandbox-flaws-as-cisa-issues-patch-order/5274287</guid>
      <pubDate>Fri, 17 Jul 2026 11:58:10 +0000</pubDate>
      <source url="https://www.theregister.com/security/2026/07/17/attackers-target-critical-fortisandbox-flaws-as-cisa-issues-patch-order/5274287">The Register (Security)</source>
    </item>
  </channel>
</rss>
