Vulnerabilities

When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub’s Expanding Arsenal

2025-08-13 at 21:40 By Nathaniel Morales and Nikita Kazymirskyi

Trustwave SpiderLabs researchers have recently identified an EncryptHub campaign that combines social engineering with abuse of the Brave Support platform to deliver malicious payloads via the CVE-2025-26633 vulnerability. In this blog post, we will […]

Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia

2025-08-13 at 15:35 By Eduard Kovacs

Intel, AMD and Nvidia have published security advisories describing vulnerabilities found recently in their products. The post Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Fortinet, Ivanti Release August 2025 Security Patches

2025-08-13 at 12:43 By Eduard Kovacs

Fortinet and Ivanti have published new security advisories for their August 2025 Patch Tuesday updates. The post Fortinet, Ivanti Release August 2025 Security Patches appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Microsoft Patches Over 100 Vulnerabilities

2025-08-13 at 07:02 By Eduard Kovacs

Microsoft’s August 2025 Patch Tuesday updates address critical vulnerabilities in Windows, Office, and Hyper-V. The post Microsoft Patches Over 100 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

CodeSecCon Is Today: Where Software Security’s Next Chapter Unfolds (Virtual Event)

2025-08-12 at 15:35 By SecurityWeek News

Taking place August 12-13, CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained. The post CodeSecCon Is Today: Where Software Security’s Next Chapter Unfolds (Virtual

SAP Patches Critical S/4HANA Vulnerability

2025-08-12 at 14:42 By Eduard Kovacs

SAP has released 15 new security notes on the August 2025 Patch Tuesday, including for critical vulnerabilities. The post SAP Patches Critical S/4HANA Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Chrome Sandbox Escape Earns Researcher $250,000

2025-08-11 at 17:17 By Eduard Kovacs

A researcher has been given the highest reward in Google’s Chrome bug bounty program for a sandbox escape with remote code execution. The post Chrome Sandbox Escape Earns Researcher $250,000 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Flaws in Major Automaker’s Dealership Systems Allowed Car Hacking, Personal Data Theft

2025-08-11 at 14:46 By Eduard Kovacs

A researcher has demonstrated how a platform used by over 1,000 dealerships in the US could have been used to hack cars. The post Flaws in Major Automaker’s Dealership Systems Allowed Car Hacking, Personal Data Theft appeared

CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds

2025-08-08 at 19:52 By SecurityWeek News

Taking place August 12-13, CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained. The post CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds appeared first on SecurityWeek. This

Echoes in the Shell: Legacy Tooling Behind Ongoing SharePoint ‘ToolShell’ Exploitation

2025-08-08 at 19:08 By Serhii Melnyk, Cris Tomboc, King Orande

The Trustwave SpiderLabs CTI team began correlating telemetry from multiple enterprise environments in response to a rapidly developing threat landscape involving the widespread exploitation of Microsoft SharePoint on-premises infrastructure. In this blog, we share

How Legacy Manufacturing Systems Make a Hacker’s Job Easy

2025-08-07 at 16:06 By Karl Sigler

Outdated manufacturing systems are an easy target for ransomware, crippling production lines. Securing legacy systems is critical to avoid costly business disruption and data breaches. Phishing is the main entry for attackers in manufacturing, leading to 87% of all incidents.

Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment

2025-08-07 at 14:23 By Eduard Kovacs

CISA and Microsoft have issued advisories for CVE-2025-53786, a high-severity flaw allowing privilege escalation in cloud environments. The post Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites

2025-08-07 at 12:46 By Eduard Kovacs

A desync attack method leveraging HTTP/1.1 vulnerabilities impacted many websites and earned researchers more than $200,000 in bug bounties. The post New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites appeared first on SecurityWeek.

Trend Micro Patches Apex One Vulnerabilities Exploited in Wild

2025-08-06 at 18:08 By Eduard Kovacs

Trend Micro has rushed to fix two Apex One zero-days that may have been exploited by Chinese threat actors. The post Trend Micro Patches Apex One Vulnerabilities Exploited in Wild appeared first on SecurityWeek. This article is an excerpt from

Microsoft Paid Out $17 Million in Bug Bounties in Past Year

2025-08-06 at 17:34 By Ionut Arghire

Microsoft handed out $17 million in rewards to 344 security researchers through its bug bounty programs over the past year. The post Microsoft Paid Out $17 Million in Bug Bounties in Past Year appeared first on SecurityWeek. This

Ox Security Launches AI Agent That Auto-Generates Code to Fix Vulnerabilities

2025-08-06 at 16:45 By Kevin Townsend

An AI extension to the Ox Security platform automatically generates organization-specific code to fix vulnerabilities in the codebase. The post Ox Security Launches AI Agent That Auto-Generates Code to Fix Vulnerabilities appeared first on SecurityWeek. This article

Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC

2025-08-06 at 13:18 By Ionut Arghire

Adobe has released urgent security updates to resolve two AEM Forms vulnerabilities for which proof-of-concept (PoC) code exists. The post Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC appeared first on SecurityWeek. This article is

Inside Silver Fox’s Den: Trustwave SpiderLabs Unmasks a Global Threat Actor

2025-08-05 at 17:20

Trustwave SpiderLabs’ latest research details the advanced persistent threat (APT) campaigns conducted by Silver Fox group, a significant and evolving threat actor. The likely China-based threat group primarily targets Chinese-speaking organizations. Trustwave SpiderLabs examines the tools, techniques, and procedures (TTPs)

Understanding DocumentDB’s Network Security Trade-offs: The VPC Challenge

2025-08-05 at 17:20 By Selam Gebreananeya

AWS DocumentDB is, by default, securely isolated within a VPC and unreachable from the public internet. What could be more secure? This security architecture can create unexpected challenges and complexity. The root cause? The very VPC isolation designed to protect DocumentDB can
