latesthackingnews.com

How CVE-2026-20253 Turns Splunk’s PostgreSQL Sidecar Into an Open Door

CVE-2026-20253 is a CVSS 9.8 pre-auth flaw in Splunk Enterprise's PostgreSQL sidecar service. An unauthenticated attacker can ...
SecurityWeek

Atlassian, Splunk Patch Critical Vulnerabilities

Atlassian and Splunk have released patches for critical vulnerabilities, including dozens of flaws in third-party ...
The Hacker News

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk issued security updates for a critical CVSS 9.8 vulnerability in Splunk Enterprise that allows unauthenticated remote ...
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Business Wire

Standard Nuclear Executes First-of-Its-Kind Agreement with U.S. Department of Energy to Deploy Advanced Fuel Production Line

OAK RIDGE, Tenn.--(BUSINESS WIRE)--Standard Nuclear, Inc., a reactor-agnostic producer of TRISO nuclear fuel, announced today that it has executed an Other Transaction Agreement (OTA) with the U.S.

Franklin sergeant accused in fatal call response heads to grand jury

A Franklin Township sergeant accused of failing to respond to gunfire calls before a double homicide will face a grand jury ...