Vulnerabilities

Android’s December 2025 Updates Patch Two Zero-Days

2025-12-02 at 15:15, by Ionut Arghire. Google warns that two out of the 107 vulnerabilities patched in Android this month have been exploited in limited, targeted attacks. Source: SecurityWeek.

CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack

2025-12-01 at 13:14, by Eduard Kovacs. CISA has added CVE-2021-26829 to its Known Exploited Vulnerabilities (KEV) catalog. Source: SecurityWeek.

Black Friday 2025: Aligning Cyber Resilience and Business Goals to Protect Your Retail Business

2025-11-25 at 17:04. Black Friday Cyber Threats: As retail sales peak, cybercriminals ramp up attacks, targeting vulnerabilities in retail businesses during the holiday rush. Retailers Under Siege: In 2025, a significant number of retailers, including major brands, experienced increased cyberattacks,

Fluent Bit Vulnerabilities Expose Cloud Services to Takeover

2025-11-25 at 15:47, by Ionut Arghire. Five flaws in the open source tool may lead to path traversal attacks, remote code execution, denial-of-service, and tag manipulation. Source: SecurityWeek.

CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability

2025-11-24 at 17:48, by Eduard Kovacs. CISA has added CVE-2025-61757 to its Known Exploited Vulnerabilities (KEV) catalog. Source: SecurityWeek.

Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day

2025-11-21 at 15:47, by Eduard Kovacs. CVE-2025-61757 is an unauthenticated remote code execution vulnerability affecting Oracle Identity Manager. Source: SecurityWeek.

SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance

2025-11-21 at 14:41, by Ionut Arghire. The vulnerabilities could be exploited to cause a denial-of-service (DoS) condition, execute arbitrary code, or access arbitrary files and directories. Source: SecurityWeek.

SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability

2025-11-21 at 13:20, by Eduard Kovacs. SquareX claims to have found a way to abuse a hidden Comet API to execute local commands, but Perplexity says the research is fake. Source: SecurityWeek.

Vulnerability Allowed Scraping of 3.5 Billion WhatsApp Accounts

2025-11-20 at 14:06, by Eduard Kovacs. Researchers demonstrated a now-patched vulnerability that could have been used to enumerate all WhatsApp accounts. Source: SecurityWeek.

Recent 7-Zip Vulnerability Exploited in Attacks

2025-11-20 at 13:09, by Ionut Arghire. A proof-of-concept (PoC) exploit targeting the high-severity remote code execution (RCE) bug exists. Source: SecurityWeek.

SolarWinds Patches Three Critical Serv-U Vulnerabilities

2025-11-20 at 09:32, by Eduard Kovacs. SolarWinds Serv-U is affected by vulnerabilities that can be exploited for remote code execution. Source: SecurityWeek.

SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp

2025-11-19 at 19:03, by Nathaniel Morales, John Basmayor, and Nikita Kazymirskyi. Trustwave SpiderLabs researchers have recently identified a banking Trojan we dubbed Eternidade Stealer, which is distributed through WhatsApp hijacking and social engineering lures. In this blog post, we will break down the techniques used in the

Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week

2025-11-19 at 11:49, by Ionut Arghire. An OS command injection flaw, the exploited zero-day allows attackers to execute arbitrary code on the underlying system. Source: SecurityWeek.

Meta Paid Out $4 Million via Bug Bounty Program in 2025

2025-11-18 at 17:31, by Eduard Kovacs. The total amount of money given to bug bounty hunters by the social media giant has reached $25 million. Source: SecurityWeek.

Chrome 142 Update Patches Exploited Zero-Day

2025-11-18 at 09:33, by Ionut Arghire. The flaw was reported by Google’s Threat Analysis Group and was likely exploited by a commercial spyware vendor. Source: SecurityWeek.

Widespread Exploitation of XWiki Vulnerability Observed

2025-11-17 at 13:06, by Ionut Arghire. The exploitation of the recent XWiki vulnerability has expanded to botnets, cryptocurrency miners, scanners, and custom tools. Source: SecurityWeek.

Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability

2025-11-14 at 23:49, by Ionut Arghire. Security firms say the flaw has been actively exploited for weeks, even as Fortinet quietly shipped fixes and CISA added the bug to its KEV catalog. Source: SecurityWeek.

In Other News: Deepwatch Layoffs, macOS Vulnerability, Amazon AI Bug Bounty

2025-11-14 at 17:38, by SecurityWeek News. Other noteworthy stories that might have slipped under the radar: EchoGram attack undermines AI guardrails, Asahi brewer still crippled after ransomware attack, Sora 2 system prompt uncovered.

Imunify360 Vulnerability Could Expose Millions of Sites to Hacking

2025-11-14 at 15:22, by Eduard Kovacs. A vulnerability in ImunifyAV can be exploited for arbitrary code execution by uploading a malicious file to shared servers. Source: SecurityWeek.

Microsoft Issues Emergency Patch for Windows Server Update Services RCE Vulnerability CVE-2025-59287

2025-11-14 at 15:10, by Fernando Martinez. LevelBlue Labs is tracking a severe vulnerability in Windows Server Update Services (WSUS), CVE-2025-59287, that allows attackers to remotely execute code without authentication and is being exploited by threat actors to compromise vulnerable Windows Server users. This
