The vulnerabilities, described as "confused deputy" flaws, allow low-privilege users to trick trusted programs like Sudo or Postfix into performing dangerous actions.
Hewlett Packard Enterprise (HPE) has released patches for several vulnerabilities affecting its Aruba AOS-CX operating system, including a critical flaw that could allow attackers to reset administrator passwords.
The Cybersecurity and Infrastructure Security Agency has released a new emergency directive warning of the active exploitation of flaws in the Cisco Catalyst SD-WAN systems prevalent in federal networks, particularly the maximum severity authentication bypass vulnerability, tracked as CVE-2026-20127, reports Infosecurity Magazine.
Security Affairs reports Apple has rolled out iPadOS 15.8.7 and iOS 16.7.15 to patch vulnerabilities linked to the Coruna exploits and protect older iPad and iPhone devices that can no longer update to the latest iOS versions.
The hotpatch feature, which allows security updates to be installed and take effect without a restart, will become the default for devices meeting specific prerequisites, including those running Windows 11 version 24H2 or later and having the April 2026 security update installed.
The vulnerabilities, including three RCE flaws (CVE-2026-21666, CVE-2026-21667, and CVE-2026-21669) and one allowing execution as the postgres user (CVE-2026-21708), enable low-privileged users to execute code remotely on vulnerable servers with low attack complexity.
Security researchers at Tenable identified the nine flaws, which impact users of various Looker Studio data connectors, including Google Sheets and PostgreSQL.