Aggregator

A vulnerability classified as problematic has been found in Adobe Commerce. The affected element is an unknown function. Performing a manipulation results in resource consumption. This vulnerability is cataloged as CVE-2026-34650. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Adobe Commerce. Impacted is an unknown function. Such manipulation leads to resource consumption. This vulnerability is listed as CVE-2026-34649. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Adobe Commerce up to 2.4.4-p17. This issue affects some unknown processing. This manipulation causes resource consumption. This vulnerability is tracked as CVE-2026-34648. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Adobe Commerce. This vulnerability affects unknown code. The manipulation results in incorrect authorization. This vulnerability is identified as CVE-2026-34646. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Adobe Commerce. This affects an unknown part. The manipulation leads to incorrect authorization. This vulnerability is referenced as CVE-2026-34645. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Adobe Commerce. Affected by this issue is some unknown functionality. Executing a manipulation can lead to path traversal. The identification of this vulnerability is CVE-2026-34653. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Craft CMS up to 4.17.11/5.9.17. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the file src/gql/resolvers/elements/Address.php. Performing a manipulation results in missing authorization. This vulnerability was named CVE-2026-44010. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium and Cobalt Share up to 12.6.1204.216. It has been declared as critical. Affected is an unknown function. Such manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-65086. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium and Cobalt Share up to 12.6.1204.216. It has been classified as problematic. This impacts an unknown function. This manipulation causes out-of-bounds read. This vulnerability is handled as CVE-2025-65088. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium and Cobalt Share up to 12.6.1204.216 and classified as problematic. This affects an unknown function. The manipulation results in out-of-bounds read. This vulnerability is known as CVE-2025-65087. It is possible to launch the attack remotely. No exploit is available.

Experts on the topic say the G7 guidance is good, but could still use some improvements.

The post Major world economies spell out key elements of AI ‘ingredients list’ appeared first on CyberScoop.

It's the first time in two years with no zero-days. But with 137 flaws to patch, including nine critical ones, admins still have plenty of work to do.

The high volume of vulnerabilities reflects a growing trend researchers have been anticipating as artificial intelligence models are deployed to find previously uncovered defects in code.

The post Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical appeared first on CyberScoop.

In the face of relentless cyberattacks that threaten patient safety, hospitals must strengthen their resilience, with clinical continuity, secure backups and coordinated recovery emerging as critical strategies, said John Riggi of the American Hospital Association and Josh Howell of Rubrik.

Cloud Connectivity, Security Operations Providers Reportedly Chop 20%, 7% of Staff
Cloudflare cut more than 1,100 workers from its 5,483-person staff, saying the layoffs will align Cloudflare's operations with AI-driven workflows and productivity gains. And Arctic Wolf laid off 250 workers from its estimated staff of 3,402 to free resources for investment in AI initiatives.

Google Says Criminals Used AI to Discover and Code Exploit
A cybercriminal group came close to launching a mass attack earlier this year, armed with a software exploit that an AI model had built from scratch, said Google researchers. Google said it worked with the affected vendor to patch the flaw before an attack could be launched.

An On Demand video from ID Dataweb
Scattered Spider continues to evolve, and organizations across financial services, healthcare, insurance, telecommunications, and other sectors are strengthening defenses against increasingly sophisticated identity-driven threats.

German Financial Regulator Warns Sector to Step Up Defenses
OpenAI is stepping up to do what arch-rival Anthropic still won't. The AI firm will give European authorities and companies access to its new vulnerability-finding AI model, so they can beef up their cybersecurity.