The Breach News

Docker CVE-2026-34040: How Attackers Can Bypass Authorization to Gain Host Access

A significant security vulnerability has been uncovered in Docker Engine that may allow attackers to circumvent authorization plugins under certain circumstances. This issue is assigned the identifier CVE-2026-34040, with a critical CVSS score of 8.8. The flaw arises from an incomplete resolution of CVE-2024-41110, which was a severe vulnerability discovered…

Read MoreDocker CVE-2026-34040: How Attackers Can Bypass Authorization to Gain Host Access

Critical Vulnerabilities Identified in VxWorks RTOS, Impacting Over 2 Billion Devices

Security researchers have identified multiple zero-day vulnerabilities, collectively named URGENT/11, within VxWorks, a prevalent real-time operating system (RTOS) embedded in over 2 billion devices across various sectors, including aerospace, medical, and industrial applications. This newly uncovered threat poses significant risk, especially given that six of the eleven vulnerabilities are classified…

Read MoreCritical Vulnerabilities Identified in VxWorks RTOS, Impacting Over 2 Billion Devices

The Rise of AI: Fueling a Competitive Race in Bug Hunting

Rising Challenges in the Bug Bounty Landscape: Trends and Implications Organizations across the tech landscape are grappling with the increasing threat posed by both nation-state and criminal actors, as highlighted by cybersecurity expert Hultquist. While nation-state concerns are indeed significant, it is criminal activity that comprises the majority of incidents…

Read MoreThe Rise of AI: Fueling a Competitive Race in Bug Hunting

OpenAI Cancels macOS App Certificate Following Malicious Axios Supply Chain Attack

OpenAI Discloses Compromise in macOS App Signing Workflow OpenAI has issued a statement regarding a significant security incident that occurred on March 31, revealing that a GitHub Actions workflow tied to the signing of its macOS applications inadvertently downloaded a malicious Axios library. Fortunately, the company has confirmed that this…

Read MoreOpenAI Cancels macOS App Certificate Following Malicious Axios Supply Chain Attack

DHS Alerts: Small Aircraft at Risk of Flight Data Manipulation Attacks

A recent cybersecurity investigation has unveiled a significant vulnerability in small aircraft that allows potential hackers to manipulate the plane’s electronic systems, raising serious safety concerns. The risks associated with this vulnerability include the alarming possibility of hackers tricking a plane’s electronic systems into displaying inaccurate flight data to pilots,…

Read MoreDHS Alerts: Small Aircraft at Risk of Flight Data Manipulation Attacks

FBI and Indonesian Police Take Down W3LL Phishing Network Responsible for $20M Fraud Scheme

The U.S. Federal Bureau of Investigation (FBI) and the Indonesian National Police have successfully disrupted a global phishing operation that relied on a commercially available toolkit known as W3LL. This initiative is reported to have facilitated the theft of account credentials from thousands of victims and aimed to defraud over…

Read MoreFBI and Indonesian Police Take Down W3LL Phishing Network Responsible for $20M Fraud Scheme

Cisco ‘Intentionally’ Sold Vulnerable Video Surveillance System to U.S. Government

Cisco Settles $8.6 Million Lawsuit Over Security Vulnerabilities in Surveillance Software Cisco Systems has reached an $8.6 million settlement concerning a lawsuit that alleged the company knowingly sold a flawed video surveillance system to U.S. federal and state agencies, despite being aware of critical security vulnerabilities. This case marks a…

Read MoreCisco ‘Intentionally’ Sold Vulnerable Video Surveillance System to U.S. Government

April Patch Tuesday Addresses Critical Vulnerabilities in SAP, Adobe, Microsoft, Fortinet, and Others

In the realm of cybersecurity, recent developments from April’s Patch Tuesday have highlighted numerous critical vulnerabilities affecting significant software vendors including Adobe, Fortinet, Microsoft, and SAP. Topping the list is an SQL injection vulnerability affecting SAP’s Business Planning and Consolidation and Business Warehouse systems (CVE-2026-27681), which carries a CVSS score…

Read MoreApril Patch Tuesday Addresses Critical Vulnerabilities in SAP, Adobe, Microsoft, Fortinet, and Others

Researchers Uncover New Methods to Bypass WPA3 WiFi Security

A recent report highlights the discovery of new vulnerabilities in the WPA3 WiFi security standard, raising significant concerns for businesses relying on this technology. This revelation comes from a trusted team of cybersecurity researchers who previously identified multiple severe flaws—collectively labeled “Dragonblood”—in WPA3 shortly after its launch. The newly uncovered…

Read MoreResearchers Uncover New Methods to Bypass WPA3 WiFi Security