vulnerability-management

13-year-old Apache ActiveMQ RCE vulnerability discovered, AI assisted in finding exploit

• aiml
• patchconfiguration-management
• vulnerability-management

13-year-old Apache ActiveMQ RCE vulnerability discovered, AI assisted in finding exploit

SC Staff April 9, 2026

The vulnerability, with a severity score of 8.8, affects multiple versions of Apache ActiveMQ/Broker.

Read More Read more about 13-year-old Apache ActiveMQ RCE vulnerability discovered, AI assisted in finding exploit

Claude Mythos Preview identifies 27-year-old bug, finds ‘thousands’ of zero-days in weeks

• aiml
• patchconfiguration-management
• vulnerability-management

Claude Mythos Preview identifies 27-year-old bug, finds ‘thousands’ of zero-days in weeks

Laura French April 9, 2026

Anthropic launched “Project Glasswing” to restrict the availability of the new model to selected organizations.

Read More Read more about Claude Mythos Preview identifies 27-year-old bug, finds ‘thousands’ of zero-days in weeks

Critical Ninja Forms vulnerability allows remote code execution

• patchconfiguration-management
• vulnerability-management

Critical Ninja Forms vulnerability allows remote code execution

SC Staff April 8, 2026

The vulnerability, affecting versions up to 3.3.26, has a critical severity rating of 9.8 out of 10.

Read More Read more about Critical Ninja Forms vulnerability allows remote code execution

Outdated software on Macs and mobile devices poses significant security risk

• application-security
• vulnerability-management

Outdated software on Macs and mobile devices poses significant security risk

SC Staff April 8, 2026

The research highlights that nearly all assessed mobile apps (95%) contain at least one medium-severity vulnerability.

Read More Read more about Outdated software on Macs and mobile devices poses significant security risk

Docker fixes AuthZ bypass bug that created containers with excessive privileges

• aiml
• patchconfiguration-management
• vulnerability-management

Docker fixes AuthZ bypass bug that created containers with excessive privileges

Laura French April 8, 2026

A crafted HTTP request can make restricted containers invisible to AuthZ plugins.

Read More Read more about Docker fixes AuthZ bypass bug that created containers with excessive privileges

Active exploitation of max severity Flowise bug threatens broad compromise

• aiml
• patchconfiguration-management
• vulnerability-management

Active exploitation of max severity Flowise bug threatens broad compromise

SC Staff April 7, 2026

More than 12,000 internet-exposed instances of open-source AI agent builder Flowise could be compromised by the ongoing...

Read More Read more about Active exploitation of max severity Flowise bug threatens broad compromise

Immediate remediation of Fortinet FortiClient EMS bug ordered by CISA

• patchconfiguration-management
• vulnerability-management

Immediate remediation of Fortinet FortiClient EMS bug ordered by CISA

SC Staff April 7, 2026

BleepingComputer reports that the Cybersecurity and Infrastructure Security Agency has called on federal civilian executive agencies to...

Read More Read more about Immediate remediation of Fortinet FortiClient EMS bug ordered by CISA

New CUPS vulnerabilities threaten RCE, network breaches

• iot
• network-security
• vulnerability-management

New CUPS vulnerabilities threaten RCE, network breaches

SC Staff April 7, 2026

Attackers could combine a pair of newly discovered vulnerabilities in the Common Unix Printing System used by...

Read More Read more about New CUPS vulnerabilities threaten RCE, network breaches

Windows zero-day vulnerability ‘BlueHammer’ exploit code released

• privileged-access-management
• vulnerability-management

Windows zero-day vulnerability ‘BlueHammer’ exploit code released

SC Staff April 7, 2026

The BlueHammer vulnerability is a local privilege escalation (LPE) flaw that combines a time-of-check to time-of-use (TOCTOU)...

Read More Read more about Windows zero-day vulnerability ‘BlueHammer’ exploit code released

Total takeover of Nvidia GPU-based devices possible with novel Rowhammer attacks

• Hardware
• vulnerability-management

Total takeover of Nvidia GPU-based devices possible with novel Rowhammer attacks

SC Staff April 6, 2026

Machines running high-performance Nvidia GPU cards, which are prevalent in cloud environments, could be completely hijacked through...

Read More Read more about Total takeover of Nvidia GPU-based devices possible with novel Rowhammer attacks