Vulnerability - it-daily.net - Daily relevant IT news for decision-makers

Patch incoming

Zero-day in PAN-OS: Attackers hijack Palo Alto firewalls

06. May, 2026 - 17:16

A critical vulnerability in PAN-OS is already being actively exploited. Palo Alto Networks is working on patches, with the first round expected on May 13.

Critical WordPress plugin bug

WordPress security flaw: Hackers target Breeze Cache plugin

24. April, 2026 - 15:52

A critical vulnerability in the WordPress plugin Breeze Cache allows attackers to take over entire websites. More than 400,000 installations are affected.

Classified as a zero-day vulnerability

Over 1,300 Microsoft SharePoint servers remain unprotected despite patch

22. April, 2026 - 15:45

More than 1,300 publicly accessible Microsoft SharePoint servers remain vulnerable to a critical spoofing security flaw that is already being actively exploited by threat actors.

Tax returns and ID cards

Fiverr data leak: Private documents exposed on Google

15. April, 2026 - 11:15

A misconfigured Cloudinary instance is leaking private user documents from the freelance platform, which are being indexed by Google. The researcher who discovered the issue has been waiting for a response from the company for over 40 days.

Risk rising fast

AI vulnerabilities hit record high as security gaps widen

19. March, 2026 - 18:30

The rapid proliferation of artificial intelligence is delivering not just efficiency gains but also a fast-growing set of security challenges. A recent analysis by TrendAI reveals that vulnerabilities in the AI ecosystem are expanding significantly faster than in the broader software landscape, and many organizations are struggling to keep

Fewer false positives promised

OpenAI launches Codex Security for vulnerability detection

09. March, 2026 - 14:52

Developed under the codename “Aardvark,” Codex Security aims to replace traditional SAST tools and already earned 14 CVE assignments during its beta.

Max Verstappen and others

Security vulnerability exposed Formula 1 driver data

27. October, 2025 - 16:16

A security flaw in the FIA’s IT systems allowed three security researchers to access confidential information, including personal data belonging to Max Verstappen and other Formula 1 drivers.

All windows versions affected

Critical Windows SMB vulnerability being actively exploited in attacks

21. October, 2025 - 11:21

US cybersecurity agency CISA warns of active exploitation of a vulnerability in the Windows SMB protocol. Attackers can use it to gain SYSTEM-level privileges.

Warning signal for the entire industry

Zero-click EchoLink exploit compromises Microsoft 365 Copilot security

20. August, 2025 - 06:20

The security researchers at Check Point have discovered a zero-click vulnerability in Microsoft 365 Copilot, which they have named “EchoLink”.

CVE-2025-8088

Security vulnerability in WinRAR actively exploited

11. August, 2025 - 07:29

Attackers exploited a directory traversal vulnerability in WinRAR to spread malware via manipulated archives. The vulnerability CVE-2025-8088 has been patched since version 7.13.