Latest Cybersecurity News & Insights
13 March 2026
Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution.
The vulnerabilities are as follows -
CVE-2026-21666 (CVSS score: 9.9) - A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server.
CVE-2026-21667 (
12 March 2026
Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit.
The vulnerability, tracked as CVE-2023-43010, relates to an unspecified vulnerability in WebKit that could result in memory corruption when processing maliciously crafted web content. The iPhone maker said the issue was
12 March 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution. The security shortcoming was patched
11 March 2026
Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution.
The vulnerabilities are listed below -
CVE-2026-27577 (CVSS score: 9.4) - Expression sandbox escape leading to remote code execution (RCE)
CVE-2026-27493 (CVSS score: 9.5) - Unauthenticated
11 March 2026
The company connects AI agents to security data lakes for interactive investigations, detection engineering, and autonomous response.
The post Scanner Raises $22 Million for AI-Powered Threat Hunting appeared first on SecurityWeek.
11 March 2026
SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems.
The vulnerabilities in question listed below -
CVE-2019-17571 (CVSS score: 9.8) - A code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO)
CVE-2026-27685 (CVSS score: 9.1) - An insecure deserialization
11 March 2026
The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation.
The post How to 10x Your Vulnerability Management Program in the Agentic Era appeared first on SecurityWeek.
11 March 2026
“You knew, and you could have acted. Why didn’t you?”
This is the question you do not want to be asked. And increasingly, it’s the question leaders are forced to answer after an incident.
For years, many executive teams and boards have treated a large vulnerability backlog as an uncomfortable but tolerable fact of life: “we’ve accepted the risk.” If you’ve ever seen a report showing
11 March 2026
Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known.
Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10 information disclosure, four
10 March 2026
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this month (compared to February's five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month's Patch Tuesday.
10 March 2026
Microsoft has fixed a critical vulnerability, but none of the flaws fixed this Patch Tuesday has been exploited in the wild.
The post Microsoft Patches 83 Vulnerabilities appeared first on SecurityWeek.
10 March 2026
Codex Security, formerly Aardvark, has found hundreds of critical vulnerabilities in tested software in the past month.
The post OpenAI Rolls Out Codex Security Vulnerability Scanner appeared first on SecurityWeek.
10 March 2026
The company will deepen its platform's AI agent capabilities and scale engineering and go-to-market teams.
The post Escape Raises $18 Million to Automate Pentesting appeared first on SecurityWeek.
10 March 2026
CISA has added the high-severity authentication bypass vulnerability to its KEV list, along with SolarWinds and Workspace One bugs.
The post Recent Ivanti Endpoint Manager Flaw Exploited in Attacks appeared first on SecurityWeek.
10 March 2026
You can't control when the next critical vulnerability drops. You can control how much of your environment is exposed when it does. The problem is that most teams have more internet-facing exposure than they realise. Intruder's Head of Security digs into why this happens and how teams can manage it deliberately.
Time-to-exploit is shrinking
The larger and less controlled your attack surface is,
10 March 2026
Salesforce has warned of an increase in threat actor activity that's aimed at exploiting misconfigurations in publicly accessible Experience Cloud sites by making use of a customized version of an open-source tool called AuraInspector.
The activity, per the company, involves the exploitation of customers' overly permissive Experience Cloud guest user configurations to obtain access to sensitive
10 March 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability list is as follows -
CVE-2021-22054 (CVSS score: 7.5) - A server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM) that
08 March 2026
WatchTowr reports seeing exploitation attempts for CVE-2026-20127 from numerous unique IP addresses.
The post Recent Cisco Catalyst SD-WAN Vulnerability Now Widely Exploited appeared first on SecurityWeek.
07 March 2026
OpenAI on Friday began rolling out Codex Security, an artificial intelligence (AI)-powered security agent that's designed to find, validate, and propose fixes for vulnerabilities.
The feature is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex web with free usage for the next month.
"It builds deep context about your project to identify
06 March 2026
The vulnerability was disclosed and mitigated in 2021 but its in-the-wild exploitation has only now come to light.
The post Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks appeared first on SecurityWeek.