#cybersecurity-vulnerability

[ follow ]
#data-breach #authentication-bypass #companies-house #critical-patch #remote-code-execution #ollama
Information security
fromThe Hacker News
3 days ago

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

A heap out-of-bounds read in Ollama’s GGUF loader can let remote unauthenticated attackers leak entire process memory via /api/create.
Privacy professionals
fromTechCrunch
1 month ago

Marquis says over 672,000 people had personal and financial data stolen in ransomware attack | TechCrunch

Marquis, a fintech company serving hundreds of banks, suffered a ransomware attack in August 2025 that compromised personal and financial data of over 672,000 people, with more than half residing in Texas.
EU data protection
fromwww.independent.co.uk
1 month ago

What you need to know after millions of UK firms' data shared in major glitch

A five-month data glitch at UK Companies House exposed private details of over five million business directors, allowing unauthorized access and editing through browser back-button navigation.
Privacy professionals
fromSecurityWeek
1 month ago

UK Companies House Exposed Details of Millions of Firms

A critical vulnerability in Companies House WebFiling allowed authenticated users to access other companies' accounts and sensitive data of five million firms through a simple browser navigation technique.
#data-breach
fromBusiness Matters
1 month ago
Privacy professionals

Companies House suspends online filing service after cyber vulnerability exposes director data

Companies House suspended its WebFiling service after a security vulnerability allowed users to access and edit other companies' sensitive personal data through a browser back button exploit.
fromLawSites
2 months ago
Information security

LexisNexis Says Data Breach Has Been Cointained; Hackers Claim Access to Government and Law Firm User Data

Hackers exploited an unpatched React vulnerability to breach LexisNexis servers, accessing millions of records including sensitive government employee data and plaintext credentials.
Privacy professionals
fromBusiness Matters
1 month ago

Companies House suspends online filing service after cyber vulnerability exposes director data

Companies House suspended its WebFiling service after a security vulnerability allowed users to access and edit other companies' sensitive personal data through a browser back button exploit.
Information security
fromLawSites
2 months ago

LexisNexis Says Data Breach Has Been Cointained; Hackers Claim Access to Government and Law Firm User Data

Hackers exploited an unpatched React vulnerability to breach LexisNexis servers, accessing millions of records including sensitive government employee data and plaintext credentials.
more#data-breach
Information security
fromSecurityWeek
1 month ago

Critical HPE AOS-CX Vulnerability Allows Admin Password Resets

HPE released patches for a critical vulnerability in Aruba Networking AOS-CX switches that allows remote, unauthenticated attackers to reset administrator passwords and gain full system control.
Information security
fromTheregister
2 months ago

CISA says n8n critical bug exploited in real-world attacks

CISA mandates immediate patching of CVE-2025-68613, a critical 9.9-severity remote code execution vulnerability in n8n workflow automation platform affecting over 103,000 users.
fromThe Hacker News
2 months ago

CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog

A malicious unauthenticated actor may exploit this issue to execute arbitrary commands, which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. The shortcoming was addressed, along with CVE-2026-22720, a stored cross-site scripting vulnerability, and CVE-2026-22721, a privilege escalation vulnerability that could result in administrative access.
Information security
Information security
fromComputerWeekly.com
2 months ago

Cisco Catalyst SD-WAN users targeted in series of cyber attacks | Computer Weekly

UK and Five Eyes agencies warn of active threat campaigns targeting Cisco Catalyst SD-WAN products, requiring immediate investigation and patching of critical authentication bypass vulnerabilities.
[ Load more ]