22.04.2026

22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters

The Hacker News 21.04.2026 15:46
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them.
The vulnerabilities have been collectively codenamed BRIDGE:BREAK by Forescout Research Vedere Labs, which identified nearly 20,000 Serial-to-Ethernet converters exposed

Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations

CSO Online 21.04.2026 12:35
A high-severity authentication flaw in Microsoft’s Azure SRE Agent exposed sensitive agent data to unauthorized network access, according to a confirmed vulnerability disclosure.
The issue was identified by Enclave AI researcher Yanir Tsarimi, who detailed the findings in a blog post describing how agent interactions could be accessed without proper authentication controls. The vulnerability has been tracked as CVE-2026-32173 and rated critical with a CVSS score of 8.6.

Prompt injection turned Google’s Antigravity file search into RCE

CSO Online 21.04.2026 12:16
Security researchers have revealed a prompt injection flaw in Google’s Antigravity IDE that could be weaponized to bypass its sandbox protections and achieve remote code execution (RCE).
The issue came from Antigravity’s ability to allow AI agents to invoke native functions, like searching files, on behalf of the user. Designed to kill complexity, the feature could allow attackers to inject malicious input into a tool parameter.

Undetected for 13 years: AI-discovered flaw endangers thousands of servers

Golem 21.04.2026 09:27
Hackers are exploiting a dangerous vulnerability in Apache ActiveMQ that was discovered with the help of AI. Admins in Germany should take action as well. (Vulnerability, Apache)

Malicious-code flaw with the highest severity rating threatens Firebird

Heise Security 21.04.2026 07:47
The open-source database management system Firebird can be attacked in several ways. Malicious code can get onto systems.

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

The Hacker News 21.04.2026 06:23
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation.
The list of vulnerabilities is as follows –

CVE-2023-27351 (CVSS score: 8.2) – An improper authentication vulnerability in PaperCut