The Hacker News

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

DNS flaw in Amazon Bedrock and critical AI vulnerabilities expose data and enable RCE, risking breaches and infrastructure ...
SecurityWeek

Critical HPE AOS-CX Vulnerability Allows Admin Password Resets

HPE has patched a critical-severity Aruba Networking AOS-CX vulnerability that allows attackers to reset administrator passwords.

For March, Patch Tuesday delivers fixes for 83 vulnerabilities

In addition to rolling out patches to address two zero-days affecting SQL Server and .NET, Microsoft introduced Common Log ...

Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk

A security flaw in the Ally WordPress plugin used on more than 400,000 sites could allow attackers to extract sensitive data ...

Microsoft Authenticator Code Alert—iOS And Android Users Update Now

Microsoft confirms Authenticator flaw could allow disclosure of your one-time codes. iOS and Android users are urged to ...
Security Boulevard

Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)

Critical75Important0Moderate0LowMicrosoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released.Microsoft patched 83 CVEs in its March 2026 Patch ...
Security Boulevard

LeakyLooker: Hacking Google Cloud’s Data via Dangerous Looker Studio Vulnerabilities

Tenable Research revealed "LeakyLooker," a set of nine novel cross-tenant vulnerabilities in Google Looker Studio. These flaws could have let attackers exfiltrate or modify data across Google services ...
heise online

HPE AutoPass License Server allows authentication bypass

IT security researchers from Trend Micro's Zero-Day Initiative (ZDI) have discovered a critical vulnerability in the HPE AutoPass License Server (APLS) that allows attackers to bypass authentication.