vulnerability-management

Lovable AI coding platform faces scrutiny over data exposure

• aiml
• data-security
• vulnerability-management

Lovable AI coding platform faces scrutiny over data exposure

SC Staff April 21, 2026

A security researcher, operating under the handle @weezerOSINT, reported that a simple free account on Lovable provided...

Read More Read more about Lovable AI coding platform faces scrutiny over data exposure

GreyNoise finds attacker activity surges before vulnerability disclosures

• network-security
• patchconfiguration-management
• threat-intelligence
• vulnerability-management

GreyNoise finds attacker activity surges before vulnerability disclosures

Laura French April 21, 2026

The median lead time between activity surge and advisory publication was 11 days.

Read More Read more about GreyNoise finds attacker activity surges before vulnerability disclosures

Attempted exploitation of vulnerability impacting EoL TP-Link routers discovered

• network-security
• vulnerability-management

Attempted exploitation of vulnerability impacting EoL TP-Link routers discovered

SC Staff April 20, 2026

Palo Alto Networks Unit 42 researchers have identified widespread attempts to exploit CVE-2023-33538, a vulnerability in several...

Read More Read more about Attempted exploitation of vulnerability impacting EoL TP-Link routers discovered

Trio of new Windows vulnerabilities under active exploitation

• vulnerability-management

Trio of new Windows vulnerabilities under active exploitation

SC Staff April 20, 2026

TechCrunch reports that attacks weaponizing the Windows Defender security vulnerabilities BlueHammer, UnDefend, and RedSun which have had...

Read More Read more about Trio of new Windows vulnerabilities under active exploitation

Critical RCE vulnerability in protobuf.js; Exploit code published

• patchconfiguration-management
• supply-chain
• vulnerability-management

Critical RCE vulnerability in protobuf.js; Exploit code published

SC Staff April 20, 2026

The vulnerability, tracked as GHSA-xq3m-2v4x-88gg, stems from unsafe dynamic code generation within protobuf.js.

Read More Read more about Critical RCE vulnerability in protobuf.js; Exploit code published

Express website vulnerability exposed customer order details

• data-security
• security-operations
• vulnerability-management

Express website vulnerability exposed customer order details

SC Staff April 20, 2026

The vulnerability allowed unauthorized access to order confirmation pages, revealing customer names, phone numbers, email addresses, postal...

Read More Read more about Express website vulnerability exposed customer order details

Another PoC exploit released by ‘BlueHammer’ leaker after Microsoft dispute

• patchconfiguration-management
• vulnerability-management

Another PoC exploit released by ‘BlueHammer’ leaker after Microsoft dispute

SC Staff April 17, 2026

Security researcher Chaotic Eclipse has published a proof-of-concept exploit for a Microsoft Defender zero-day vulnerability dubbed "RedSun"...

Read More Read more about Another PoC exploit released by ‘BlueHammer’ leaker after Microsoft dispute

Customer data-exposing website flaw remediated by clothing retailer Express

• data-security
• vulnerability-management

Customer data-exposing website flaw remediated by clothing retailer Express

SC Staff April 17, 2026

TechCrunch reports that major U.S. clothing retailer Express has fixed a vulnerability in its website, which exposed...

Read More Read more about Customer data-exposing website flaw remediated by clothing retailer Express

Multiple attacks weaponizing critical Marimo RCE identified

• patchconfiguration-management
• vulnerability-management

Multiple attacks weaponizing critical Marimo RCE identified

SC Staff April 17, 2026

Numerous threat actors have launched intrusions abusing the critical remote code execution flaw in the open-source Python...

Read More Read more about Multiple attacks weaponizing critical Marimo RCE identified

Nexcorium malware targets IoT devices, leverages Mirai variant for DDoS attacks

• iot
• malware
• security-operations
• vulnerability-management

Nexcorium malware targets IoT devices, leverages Mirai variant for DDoS attacks

SC Staff April 17, 2026

Nexcorium primarily targets video recording boxes for security cameras, particularly TBK DVR-4104 and DVR-4216 models, due to...

Read More Read more about Nexcorium malware targets IoT devices, leverages Mirai variant for DDoS attacks