Sim Studio AI – Unauthenticated OAuth Token Theft

The `/api/auth/oauth/token` endpoint contains a code path that bypasses all authorization checks when provided with `credentialAccountUserId`...

Google Cloud Platform (GCP) Vertex AI Workbench Cross-Tenant Full Account Takeover with Managed End...

Google Cloud Platform (GCP) Vertex AI Workbench Cross-Tenant Full Account Takeover with Managed End User Credentials Tenable Research has identified and responsibly disclosed a...

[R1] Security Center Version 6.8.0 Fixes Multiple Vulnerabilities

Arnie Cabral, Wed, 02/18/2026 - 08:32. Security Center leverages third-party software to help provide underlying functionality....

[R2] Security Center Version 6.8.0 Fixes Multiple Vulnerabilities

Arnie Cabral, Wed, 02/18/2026 - 08:32. Security Center leverages third-party software to help provide underlying functionality....

[R2] Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2:...

Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2 Arnie Cabral Tue, 02/17/2026 - 08:32 Security...

Nanobot Unauthenticated WhatsApp Session Hijack via WebSocket Bridge

Tenable Research has identified and responsibly disclosed a vulnerability to Nanobot. The nanobot WhatsApp bridge server (`bridge/src/server.ts`)...

Gogs Cross-Repository Comment Deletion via DeleteComment

Tenable Research has identified and responsibly disclosed an Insecure Direct Object References (IDOR) vulnerability to Gogs. The POST...

Google Cloud Platform (GCP) Cloud Logging Cross-Tenant Denial of Wallet with Log Analytics

Tenable Research has identified and responsibly disclosed a Denial of Wallet...

Google Cloud Platform (GCP) Cloud Logging Cross-Tenant BigQuery Leak with Log Analytics

Tenable Research has identified and responsibly disclosed a data exfiltration vulnerability in...

[R1] Nessus Agent Versions 11.0.4 and 11.1.2 Fix One Vulnerability

Arnie Cabral, Thu, 02/12/2026 - 10:40. A vulnerability has been identified where weak file...

Latest article

Why AI, Zero Trust, and modern security require deep visibility

AI. Automation. Zero Trust. They dominate every security strategy document. But there’s a truth sitting underneath all three: none of them...

Samsung MagicINFO Server Multiple Vulnerabilities

MagicINFO User Credential Disclosure (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) NOTE: Samsung mentioned this item may have been fixed with version 21.1090.1, but we were...

Perplexity AI Browser Flaw Could Let Calendar Invites Access Local Files

Researchers say a vulnerability in Perplexity’s Comet AI browser could expose local files and credentials through malicious calendar invites.

Tycoon 2FA Phishing Kit Disrupted by Microsoft, Europol and Partners

Microsoft, Europol, and partners have dismantled the Tycoon 2FA phishing-as-a-service (PhaaS) platform, seizing 330 domains used for credential theft and MFA bypass. This coordinated...