Amazon Cognito 1-Click Open Redirection via OAuth Error Handling Abuse
Researchers associated with Tenable have discovered a 1-click open redirection technique in Amazon Cognito that can be triggered by abusing the OAuth error-handling mechanism. The vulnerability stems from AWS's OAuth implementation validation sequence: if validation fails due to an unsupported scope, mismatched PKCE parameters, or an unsupported response type,...
CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems
Threat actors from the Silent Ransom Group, aka Luna Moth, are escalating attacks by impersonating IT staff in phone calls and even showing up in person to gain direct access to victim systems.
Microsoft hits out over irresponsible vulnerability disclosure
Microsoft goes on the offensive after a disgruntled security researcher unleashed a series of zero-days without checking in first.
Infosecurity Europe: CyCOS Project Expands to Support UK SMEs as CIISec Takes Over
From a research-driven pilot, the Cybersecurity Communities of Support (CyCOS) is about to be handed over to CIISec.
MEPs urge European Commission to take action over Europol’s shadow IT
MEPs have written to the European Commission calling for action following revelations that Europol and Frontex processed, stored and transferred personal data in ways that raise serious concerns about compliance with EU law.
What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant
Introduction
Containerization using Docker has become firmly established in modern development standards, significantly increasing the speed and convenience of deploying various services. Developers often use ready-made Docker images, making only minimal changes. The largest repository of container images is the Docker Hub service.
Container-hosted infrastructure is an attractive target for attackers. At a minimum, a compromised container can be used for...
Why and how to migrate to a Transit Gateway-attached AWS Network Firewall
AWS Network Firewall now supports native attachment to AWS Transit Gateway. Customers commonly use Transit Gateway to route traffic from Amazon Virtual Private Cloud (Amazon VPC) networks to a centralized inspection VPC (a VPC dedicated to hosting firewall endpoints for traffic inspection) where their network firewall endpoints are deployed. This centralized deployment model reduces the need to have Network...





