News Archives

Stay tuned with SecureLayer7 Announcements

March 31, 2026

Published by SecureLayer7 Lab at March 31, 2026

CVE-2025-59489: Unity Hub macOS DyLib Injection – TCC Bypass

macOS employs a layered security model to protect user privacy. At the heart of this model is Transparency, Consent, and Control (TCC) — the framework responsible […]

March 27, 2026

Published by Vikas Kumar at March 27, 2026

PyPl litellm Supply Chain Attack: How It Works And Prevention

A widely used Python package, litellm, was compromised through malicious PyPI versions 1.82.7 and 1.82.8. This incident has raised serious concerns among security professionals worldwide. Initially, […]

March 26, 2026

Published by SecureLayer7 Lab at March 26, 2026

CVE-2024-54676 — Apache OpenMeetings OpenJPA Deserialization RCE

CVE-2024-54676 is a critical (CVSS 9.8) Java deserialization vulnerability affecting Apache OpenMeetings versions prior to 8.0.0. This vulnerability allows an unauthenticated attacker to achieve Remote Code […]

March 23, 2026

Published by SecureLayer7 Lab at March 23, 2026

RegPwn (CVE-2026-24291): Windows Registry Vulnerability Explained

RegPwn (CVE-2026-24291) is a critical Windows Registry vulnerability that exposes enterprise systems to privilege escalation and potential system compromise. This flaw targets how Windows handles registry […]

March 19, 2026

Published by SecureLayer7 Lab at March 19, 2026

CVE-2026-22729: JSONPath Injection in Spring AI’s PgVectorStore

Contributors: Sandeep Kamble, BugDazz Autonomous Pentest AI, Rabit0 ModelPublication Date: March 19, 2026Severity Rating: High (CVSS Score: 8.6)Vulnerability Status: Zero-day at time of discovery While auditing the MariaDB vector store […]

March 19, 2026

Published by Rajesh N at March 19, 2026

Denial of Service (DoS) Attack: Types, Impact, and Prevention

Denial of Service (DoS) attacks are among the most disruptive cybersecurity threats, designed to overwhelm systems, networks, or applications and make them unavailable to legitimate users. […]

March 19, 2026

Published by SecureLayer7 Lab at March 19, 2026

CVE-2026-22730: SQL Injection in Spring AI’s MariaDB Vector Store

Contributors: Sandeep Kamble, BugDazz Autonomous Pentest AI, Rabit0 ModelPublication Date: March 19, 2026Severity Rating: High (CVSS Score: 8.8)Vulnerability Status: Zero-day at time of discovery A financial services firm was […]

March 6, 2026

Published by Vikas Kumar at March 6, 2026

ClawdBot VS Code Trojan Analysis and OpenClaw Security Risks

On January 27, 2026, Aikido Security flagged a VS Code extension called “ClawdBot Agent” — a fully functional AI coding assistant that silently drops a ScreenConnect […]

March 2, 2026

Published by SecureLayer7 Lab at March 2, 2026

IPVanish VPN macOS Privilege Escalation – SecureLayer7

The IPVanish VPN application for macOS contains a critical privilege escalation vulnerability that allows any unprivileged local process to execute arbitrary code as root without user […]