CSIRT.SK
@CSIRT_SK
7K posts
CSIRT.SK performs tasks associated with responding to computer security incidents within public administration information systems in the Slovak Republic.
Slovak Republic. Joined November 2015
325 Following, 1.6K Followers
CSIRT.SK retweeted

⚠️ NetScaler ADC & Gateway Vulnerabilities Enable Remote Attacks on Affected Systems
Source: cybersecuritynews.com/netscaler-adc-…
Cloud Software Group has released urgent security patches for NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), addressing two significant vulnerabilities that could allow unauthenticated remote attackers to compromise affected systems.
The more severe of the two flaws, CVE-2026-3055, carries a CVSS v4.0 base score of 9.3, classifying it as critical.
The vulnerability stems from insufficient input validation that leads to a memory overread condition (CWE-125: Out-of-Bounds Read).
The second vulnerability, CVE-2026-4368, scores 7.7 (High) on the CVSS v4.0 scale and involves a race condition (CWE-362) that can result in user session mixup.
#cybersecuritynews #citrix

CSIRT.SK retweeted

🚨 CVE-2026-3055 (CVSS 9.3), an unauth memory overread vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway appliances that could see active exploitation itw
Vulnerability detection script available here:
github.com/rxerium/rxeriu…
Patches are available as per Citrix's advisory:
support.citrix.com/support-home/k…

CSIRT.SK retweeted

QNAP Patches Four Vulnerabilities Exploited at Pwn2Own securityweek.com/qnap-patches-f…
CSIRT.SK retweeted

🚨 We are alerting to a vulnerability in Oracle Identity Manager and Oracle Web Services Manager, CVE-2026-21992. It is an easily exploitable vulnerability that allows an unauthenticated attacker with HTTP access to compromise the system. Successful exploitation can lead to a complete takeover of both Oracle Identity Manager and Oracle Web Services Manager, including the possibility of remote code execution. The vulnerability is located in the REST WebServices (Oracle Identity Manager) and Web Services Security (Oracle Web Services Manager) components of Oracle Fusion Middleware products. It affects versions 12.2.1.4.0 and 14.1.2.1.0. Oracle has released security updates addressing this issue and strongly recommends deploying them immediately. The vulnerability is fixed in the patches available in the Fusion Middleware Patch Availability documentation.
📌 We recommend updating to the latest version.

CSIRT.SK retweeted

Critical Quest KACE Vulnerability Potentially Exploited in Attacks securityweek.com/critical-quest…
CSIRT.SK retweeted

Critical Langflow Vulnerability Exploited Hours After Public Disclosure securityweek.com/critical-langf…
CSIRT.SK retweeted

Critical Langflow RCE vulnerability exploited within 20 hours scworld.com/news/critical-…
CSIRT.SK retweeted

🛡️ Oracle Issues Security Update for Critical RCE Flaw in Identity Manager & Web Services Manager
Source: cybersecuritynews.com/oracle-urgent-…
Oracle has issued an out-of-band Security Alert addressing a critical remote code execution (RCE) vulnerability, CVE-2026-21992, affecting two widely deployed Fusion Middleware components, Oracle Identity Manager and Oracle Web Services Manager.
CVE-2026-21992 is an unauthenticated, remotely exploitable flaw that requires no user interaction or special privileges to exploit.
The attack vector is network-based with low complexity, meaning a threat actor only needs HTTP access to an exposed endpoint to potentially trigger remote code execution.
#cybersecuritynews #oracle

CSIRT.SK retweeted

⚠️ WARNING - A Trivy-linked supply chain attack has escalated into a self-propagating npm worm now spreading across dozens of packages.
It steals npm tokens, republishes itself, and spreads through developer machines and CI. Uses an ICP canister to rotate payloads and resist takedowns.
🔗 How the worm spreads and updates payloads → thehackernews.com/2026/03/trivy-…

CSIRT.SK retweeted

Oracle pushes emergency fix for critical Identity Manager RCE flaw
bleepingcomputer.com/news/security/…
CSIRT.SK retweeted

Warning: High severity nginx Config Injection in #IngressNginx #Kubernetes. #CVE-2026-4342 CVSS: 8.8. Malicious Ingress annotations can be used to inject configuration which will lead to arbitrary code execution in the controller. ccb.belgium.be/advisories/war… #Patch #Patch #Patch
CSIRT.SK retweeted

🛑 ALERT - Trivy, a popular open-source vulnerability scanner, was compromised after attackers hijacked 75 version tags in #GitHub Actions to deliver an infostealer.
It ran in CI pipelines, stealing creds and tokens, then exfiltrating data or staging it via stolen GitHub PATs.
🔗 Attack flow, impacted versions, fixes → thehackernews.com/2026/03/trivy-…

CSIRT.SK retweeted

⚠️ Langflow CVE-2026-33017 was exploited in 20 hours of disclosure.
An exposed API runs attacker-supplied Python with no auth, enabling full server takeover. Real attacks show credential theft, file access, and staged payload delivery.
🔗 Read → thehackernews.com/2026/03/critic…
CSIRT.SK retweeted

New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores
bleepingcomputer.com/news/security/…
CSIRT.SK retweeted

⚠️ A critical Magento flaw lets attackers upload files without login and take over stores.
The issue, PolyShell, uses the REST API to upload hidden malicious files as images. This can lead to remote code execution or stored XSS.
No fix for current versions yet.
🔗 Read → thehackernews.com/2026/03/magent…

CSIRT.SK retweeted

Russian APT Exploits Zimbra Vulnerability Against Ukraine securityweek.com/russian-apt-ex…
CSIRT.SK retweeted

🛑 Perseus, a new #Android malware, enables full device takeover via Accessibility abuse. It runs live remote sessions, steals banking credentials, and scans notes apps for sensitive data.
It spreads through IPTV-style apps delivered via phishing and sideloading.
🔗 Read → thehackernews.com/2026/03/new-pe…
