Explore

Rapid Read Rapid Read
Orthanc DICOM Server Vulnerabilities Threaten Healthcare Systems with Crashes and Remote Code Execution

Orthanc DICOM Server Vulnerabilities Threaten Healthcare Systems with Crashes and Remote Code Execution

Critical vulnerabilities have been discovered in Orthanc, an open-source DICOM server widely used in medical imaging workflows across healthcare and research environments. These vulnerabilities, affecting all versions up to 1.12.10, allow attackers to crash servers, exhaust system memory, leak sensitive information, and potentially execute remote code. The issues stem from unsafe arithmetic operations, missing bounds checks, and insufficient validation of metadata within DICOM files and HTTP requests. Given Orthanc's prevalence in healthcare infrastructure and the sensitive nature of medical imaging data, these flaws pose a significant risk to operational continuity and patient privacy. Users are strongly advised to upgrade to Orthanc version 1.12.11 or later to mitigate these threats.
Rapid Read Rapid Read
Quantum Computers Threaten Current Cryptography, Urging Transition to Quantum-Safe Systems

Quantum Computers Threaten Current Cryptography, Urging Transition to Quantum-Safe Systems

Recent advancements in quantum computing have raised concerns about the security of current cryptographic systems. Tech giants like Google and IBM are making significant progress in developing quantum computers, which could potentially break widely used encryption methods much sooner than anticipated. The National Institute of Standards and Technology (NIST) in the U.S. has recommended transitioning to quantum-safe cryptography by 2035, while similar guidance has been issued in Australia. The urgency is driven by improvements in quantum algorithms, which are reducing the resources needed to compromise existing encryption systems.
Trendline Trendline
Lloyds Banking Group's Quantum Computing Trial Uncovers Financial Crime Networks

Lloyds Banking Group's Quantum Computing Trial Uncovers Financial Crime Networks

Lloyds Banking Group's Quantum Computing Trial Uncovers Financial Crime Networks
Trendline Trendline
Adobe Releases Emergency Patches for Critical Reader Zero-Day Exploited for Months

Adobe Releases Emergency Patches for Critical Reader Zero-Day Exploited for Months

Adobe Releases Emergency Patches for Critical Reader Zero-Day Exploited for Months
Rapid Read Rapid Read
ShinyHunters Breach Rockstar Games' Snowflake Environment via Anodot, Threatens Data Leak

ShinyHunters Breach Rockstar Games' Snowflake Environment via Anodot, Threatens Data Leak

The hacking group ShinyHunters has claimed responsibility for a security breach involving Rockstar Games' Snowflake environment, accessed through a vulnerability in Anodot, a SaaS platform used for cloud cost monitoring and analytics. The group has threatened to leak a significant amount of data if their ransom demands are not met by April 14. This breach was announced on ShinyHunters' dark web site, where they stated that they had compromised Rockstar's Snowflake instances using authentication tokens obtained from Anodot. These tokens allowed them to access connected Snowflake accounts without exploiting vulnerabilities in Snowflake itself. The breach was not immediately detected as the access appeared legitimate, affecting several organizations before being contained.
Rapid Read Rapid Read
Orthanc DICOM Server Vulnerabilities Expose Healthcare Systems to Crashes and Remote Code Execution

Orthanc DICOM Server Vulnerabilities Expose Healthcare Systems to Crashes and Remote Code Execution

Nine security vulnerabilities have been identified in the Orthanc Digital Imaging and Communications in Medicine (DICOM) server, which is widely used in healthcare and medical research for the automated analysis of medical images. These vulnerabilities, tracked from CVE-2026-5437 to CVE-2026-5445, include issues such as heap-based buffer overflows, out-of-bounds reads, and memory exhaustion flaws. These defects can lead to server crashes, data leaks, and potentially allow attackers to execute arbitrary code remotely. The vulnerabilities were discovered by researchers at Machine Spirits and have been detailed in advisories by the CERT Coordination Center (CERT/CC). Users of Orthanc versions 1.12.10 and earlier are advised to update to version 1.12.11, which addresses these security issues.
Rapid Read Rapid Read
Critical Marimo Vulnerability Exploited Shortly After Disclosure

Critical Marimo Vulnerability Exploited Shortly After Disclosure

A critical vulnerability in Marimo, an open-source reactive notebook for Python, was exploited within hours of its public disclosure. The flaw, identified as CVE-2026-39987, allows unauthenticated remote code execution due to a lack of authentication validation in the terminal WebSocket endpoint. Sysdig reported that an attacker quickly developed an exploit from the advisory description, leading to credential theft and system command execution. The vulnerability affects all Marimo releases up to version 0.20.4, with users advised to update to version 0.23.0 or newer.
Trendline Trendline
Zero-Day Vulnerability in Adobe Reader Exploited for Months

Zero-Day Vulnerability in Adobe Reader Exploited for Months

Zero-Day Vulnerability in Adobe Reader Exploited for Months
Rapid Read Rapid Read
Critical Marimo Vulnerability Exploited Within Hours of Disclosure, Prompting Urgent Security Updates

Critical Marimo Vulnerability Exploited Within Hours of Disclosure, Prompting Urgent Security Updates

A critical vulnerability in Marimo, an open-source reactive notebook for Python, was exploited by a hacker just nine hours after its public disclosure. The flaw, identified as CVE-2026-39987, allows unauthenticated remote code execution due to a lack of authentication validation in the terminal WebSocket endpoint. This vulnerability enables attackers to execute arbitrary system commands without authentication. The first exploitation was observed shortly after the advisory was published, with the attacker using the exploit to steal credentials. The cybersecurity firm Sysdig reported that the attack involved manual reconnaissance and exfiltration of sensitive files, highlighting the rapid response of threat actors to newly disclosed vulnerabilities.
Trendline Trendline
Ongoing Zero-Day Attack Targets Adobe Reader Users

Ongoing Zero-Day Attack Targets Adobe Reader Users

Ongoing Zero-Day Attack Targets Adobe Reader Users
Trendline Trendline
Orthanc DICOM Vulnerabilities Pose Risks of Crashes and Remote Code Execution

Orthanc DICOM Vulnerabilities Pose Risks of Crashes and Remote Code Execution

Orthanc DICOM Vulnerabilities Pose Risks of Crashes and Remote Code Execution
Rapid Read Rapid Read
LAPD Data Breach Exposes Sensitive Files Online, Raising Security Concerns

LAPD Data Breach Exposes Sensitive Files Online, Raising Security Concerns

A significant data breach has occurred involving the Los Angeles Police Department (LAPD), where thousands of sensitive files have been leaked online. The breach includes disciplinary files of police officers and other confidential records from the L.A. city attorney's office. The hacking group WorldLeaks has claimed responsibility for the breach, which they announced on March 20. The group reportedly exploited vulnerabilities in a file-sharing system used by the city attorney's office, allowing them to access nearly 340,000 files. This system was initially created to handle lawsuits following the George Floyd protests, but it expanded to include records from hundreds of lawsuits involving the LAPD. The breach has led to concerns about the security of the city's cybersecurity measures, and investigations are underway to determine the extent of the breach and the responsible parties.