Vulnerabilities

Scattered LAPSUS$ Hunters: Anatomy of a Federated Cybercriminal Brand

2025-11-04 at 16:27. Trustwave SpiderLabs’ Cyber Threat Intelligence team is tracking the recent emergence of what appears to be the consolidation of three well-known threat groups into a “federated alliance” that offers, among its activities, Extortion-as-a-Service (EaaS). This article is an excerpt from SpiderLabs Blog […]

Apple Patches 19 WebKit Vulnerabilities 

2025-11-04 at 13:25, by Ionut Arghire. Apple has released iOS 26.1 and macOS Tahoe 26.1 with patches for over 100 vulnerabilities, including critical flaws. This article is an excerpt from SecurityWeek.

How Software Development Teams Can Securely and Ethically Deploy AI Tools

2025-11-03 at 18:13, by Matias Madou. To deploy AI tools securely and ethically, teams must balance innovation with accountability—establishing strong governance, upskilling developers, and enforcing rigorous code reviews.

Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities

2025-11-03 at 12:27, by Ionut Arghire. The two bugs are high-severity type confusion and inappropriate implementation issues in the browser’s V8 JavaScript engine. This article is an excerpt from SecurityWeek.

CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog

2025-10-31 at 13:59, by Ionut Arghire. Broadcom has updated its advisory on CVE-2025-41244 to mention the vulnerability’s in-the-wild exploitation. This article is an excerpt from SecurityWeek.

Protecting the Systems that Sustain Us: Securing Critical Infrastructure During Cybersecurity Awareness Month

2025-10-30 at 15:46. To close out Trustwave’s, A LevelBlue Company, Cybersecurity Awareness Month 2025 coverage, we will take a look at securing critical infrastructure, one of the focus areas for the Cybersecurity and Infrastructure Security Agency (CISA).

Bolstering Cybersecurity Resilience in the Public Sector

2025-10-29 at 19:07. With digital transformation continuing unabated, the prevalence of legacy systems, and the rising interconnectedness of complex systems and services, organizations in the public sector face a plethora of challenges and cyber risks. This article is an excerpt from SpiderLabs Blog.

QNAP NetBak PC Agent Affected by Recent ASP.NET Core Vulnerability

2025-10-28 at 17:01, by Ionut Arghire. The critical-severity flaw allows attackers to smuggle HTTP requests and access sensitive data, modify server files, or cause DoS conditions. The post appeared first on SecurityWeek.

Year-Old WordPress Plugin Flaws Exploited to Hack Websites

2025-10-27 at 12:57, by Ionut Arghire. Roughly 9 million exploit attempts were observed this month as mass exploitation of the critical vulnerabilities recommenced. This article is an excerpt from SecurityWeek.

Chrome Zero-Day Exploitation Linked to Hacking Team Spyware

2025-10-27 at 11:33, by Ionut Arghire. The threat actor behind Operation ForumTroll used the same toolset typically employed in Dante spyware attacks. This article is an excerpt from SecurityWeek.

OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks

2025-10-25 at 23:58, by Kevin Townsend. Researchers have discovered that a prompt can be disguised as a URL, and accepted by Atlas as a URL in the omnibox. This article is an excerpt from SecurityWeek.

$1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal

2025-10-25 at 23:58, by Eduard Kovacs. WhatsApp told SecurityWeek that the two low-impact vulnerabilities cannot be used for arbitrary code execution. The post appeared first on SecurityWeek.

Critical Windows Server WSUS Vulnerability Exploited in the Wild 

2025-10-24 at 17:56, by Eduard Kovacs. CVE-2025-59287 allows a remote, unauthenticated attacker to execute arbitrary code and a PoC exploit is available. This article is an excerpt from SecurityWeek.

Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta

2025-10-24 at 12:43, by Eduard Kovacs. Questions have been raised over the technical viability of the purported WhatsApp exploit, but the researcher says he wants to keep his identity private. The post appeared first on SecurityWeek.

Vibe Coding’s Real Problem Isn’t Bugs—It’s Judgment

2025-10-23 at 14:39, by Kevin Townsend. As AI coding tools flood enterprises with functional but flawed software, researchers urge embedding security checks directly into the AI workflow. This article is an excerpt from SecurityWeek.

Exploitation of Critical Adobe Commerce Flaw Puts Many eCommerce Sites at Risk

2025-10-23 at 14:17, by Ionut Arghire. Patched in September, the SessionReaper bug could be exploited without authentication to bypass a security feature. The post appeared first on SecurityWeek.

BIND Updates Address High-Severity Cache Poisoning Flaws

2025-10-23 at 13:31, by Ionut Arghire. The vulnerabilities allow attackers to predict source ports and query IDs BIND will use, and to inject forged records into the cache. This article is an excerpt from SecurityWeek.

Lanscope Endpoint Manager Zero-Day Exploited in the Wild

2025-10-23 at 13:05, by Ionut Arghire. The bug has been exploited in the wild as a zero-day and the US cybersecurity agency CISA has added it to its KEV catalog. The post appeared first on SecurityWeek.

TARmageddon Flaw in Popular Rust Library Leads to RCE

2025-10-22 at 20:40, by Ionut Arghire. The vulnerability impacts multiple Rust tar parsers, allowing attackers to smuggle additional archive entries. This article is an excerpt from SecurityWeek.

Public Sector Ransomware Attacks Relentlessly Continue

2025-10-22 at 17:12. In 2025, 36 years after the first ransomware attack was recorded, actors continue to zero in on the public sector, and there is no evidence they will slow down any time soon. In fact, our numbers suggest that ransomware attacks against government organizations are ramping
