Vulnerabilities

The Cat’s Out of the Bag: A ‘Meow Attack’ Data Corruption Campaign Simulation via MAD-CAT

The Cat’s Out of the Bag: A ‘Meow Attack’ Data Corruption Campaign Simulation via MAD-CAT 2025-11-07 at 19:39 By Karl Biron In 2024, I published Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack), which explored the notorious Meow attack campaign that had plagued unsecured databases since 2020. That article focused […]

The Cat’s Out of the Bag: A ‘Meow Attack’ Data Corruption Campaign Simulation via MAD-CAT Read More »

Data Exposure Vulnerability Found in Deep Learning Tool Keras

Data Exposure Vulnerability Found in Deep Learning Tool Keras 2025-11-07 at 15:41 By Ionut Arghire The vulnerability is tracked as CVE-2025-12058 and it can be exploited for arbitrary file loading and conducting SSRF attacks. The post Data Exposure Vulnerability Found in Deep Learning Tool Keras appeared first on SecurityWeek. This article is an excerpt from

Data Exposure Vulnerability Found in Deep Learning Tool Keras Read More »

Chrome 142 Update Patches High-Severity Flaws

Chrome 142 Update Patches High-Severity Flaws 2025-11-07 at 12:35 By Ionut Arghire An out-of-bounds write flaw in WebGPU tracked as CVE-2025-12725 could be exploited for remote code execution. The post Chrome 142 Update Patches High-Severity Flaws appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chrome 142 Update Patches High-Severity Flaws Read More »

Cisco Patches Critical Vulnerabilities in Contact Center Appliance

Cisco Patches Critical Vulnerabilities in Contact Center Appliance 2025-11-06 at 14:50 By Ionut Arghire The flaws allow attackers to execute arbitrary code remotely and elevate their privileges to root on an affected system. The post Cisco Patches Critical Vulnerabilities in Contact Center Appliance appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Cisco Patches Critical Vulnerabilities in Contact Center Appliance Read More »

CISA Warns of CWP Vulnerability Exploited in the Wild

CISA Warns of CWP Vulnerability Exploited in the Wild 2025-11-05 at 10:08 By Eduard Kovacs A critical vulnerability in Control Web Panel (CWP), tracked as CVE-2025-48703, allows remote, unauthenticated command execution. The post CISA Warns of CWP Vulnerability Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

CISA Warns of CWP Vulnerability Exploited in the Wild Read More »

SpiderLabs Ransomware Tracker Update October 2025: Qlin Doubles Down on Attacks

SpiderLabs Ransomware Tracker Update October 2025: Qlin Doubles Down on Attacks 2025-11-04 at 17:18 By The worldwide ransomware landscape saw a dramatic shift in attacks in October 2025, jumping 41% month over month, with the most prolific attacker, Qlin, more than doubling the number of attacks it launched, according to Trustwave, A LevelBlue Company, research.

SpiderLabs Ransomware Tracker Update October 2025: Qlin Doubles Down on Attacks Read More »

Scattered LAPSUS$ Hunters: Anatomy of a Federated Cybercriminal Brand

Scattered LAPSUS$ Hunters: Anatomy of a Federated Cybercriminal Brand 2025-11-04 at 16:27 By Trustwave SpiderLabs’ Cyber Threat Intelligence team is tracking the recent emergence of what appears to be the consolidation of three well-known threat groups into a “federated alliance” that offers, among its activities, Extortion-as-a-Service (EaaS). This article is an excerpt from SpiderLabs Blog

Scattered LAPSUS$ Hunters: Anatomy of a Federated Cybercriminal Brand Read More »

Apple Patches 19 WebKit Vulnerabilities 

Apple Patches 19 WebKit Vulnerabilities  2025-11-04 at 13:25 By Ionut Arghire Apple has released iOS 26.1 and macOS Tahoe 26.1 with patches for over 100 vulnerabilities, including critical flaws. The post Apple Patches 19 WebKit Vulnerabilities  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Apple Patches 19 WebKit Vulnerabilities  Read More »

How Software Development Teams Can Securely and Ethically Deploy AI Tools

How Software Development Teams Can Securely and Ethically Deploy AI Tools 2025-11-03 at 18:13 By Matias Madou To deploy AI tools securely and ethically, teams must balance innovation with accountability—establishing strong governance, upskilling developers, and enforcing rigorous code reviews. The post How Software Development Teams Can Securely and Ethically Deploy AI Tools appeared first on

How Software Development Teams Can Securely and Ethically Deploy AI Tools Read More »

Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities

Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities 2025-11-03 at 12:27 By Ionut Arghire The two bugs are high-severity type confusion and inappropriate implementation issues in the browser’s V8 JavaScript engine. The post Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities Read More »

CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog

CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog 2025-10-31 at 13:59 By Ionut Arghire Broadcom has updated its advisory on CVE-2025-41244 to mention the vulnerability’s in-the-wild exploitation. The post CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog Read More »

Protecting the Systems that Sustain Us: Securing Critical Infrastructure During Cybersecurity Awareness Month

Protecting the Systems that Sustain Us: Securing Critical Infrastructure During Cybersecurity Awareness Month 2025-10-30 at 15:46 By To close out Trustwave’s, A LevelBlue Company, Cybersecurity Awareness Month 2025 coverage, we will take a look at securing critical infrastructure, one of the focus areas for the Cybersecurity and Infrastructure Security Agency (CISA). This article is an

Protecting the Systems that Sustain Us: Securing Critical Infrastructure During Cybersecurity Awareness Month Read More »

Bolstering Cybersecurity Resilience in the Public Sector

Bolstering Cybersecurity Resilience in the Public Sector 2025-10-29 at 19:07 By With digital transformation continuing unabated, the prevalence of legacy systems, and the rising interconnectedness of complex systems and services, organizations in the public sector face a plethora of challenges and cyber risks. This article is an excerpt from SpiderLabs Blog View Original Source

Bolstering Cybersecurity Resilience in the Public Sector Read More »

QNAP NetBak PC Agent Affected by Recent ASP.NET Core Vulnerability

QNAP NetBak PC Agent Affected by Recent ASP.NET Core Vulnerability 2025-10-28 at 17:01 By Ionut Arghire The critical-severity flaw allows attackers to smuggle HTTP requests and access sensitive data, modify server files, or cause DoS conditions. The post QNAP NetBak PC Agent Affected by Recent ASP.NET Core Vulnerability appeared first on SecurityWeek. This article is

QNAP NetBak PC Agent Affected by Recent ASP.NET Core Vulnerability Read More »

Year-Old WordPress Plugin Flaws Exploited to Hack Websites

Year-Old WordPress Plugin Flaws Exploited to Hack Websites 2025-10-27 at 12:57 By Ionut Arghire Roughly 9 million exploit attempts were observed this month as mass exploitation of the critical vulnerabilities recommenced. The post Year-Old WordPress Plugin Flaws Exploited to Hack Websites appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Year-Old WordPress Plugin Flaws Exploited to Hack Websites Read More »

Chrome Zero-Day Exploitation Linked to Hacking Team Spyware

Chrome Zero-Day Exploitation Linked to Hacking Team Spyware 2025-10-27 at 11:33 By Ionut Arghire The threat actor behind Operation ForumTroll used the same toolset typically employed in Dante spyware attacks. The post Chrome Zero-Day Exploitation Linked to Hacking Team Spyware appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chrome Zero-Day Exploitation Linked to Hacking Team Spyware Read More »

OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks

OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks 2025-10-25 at 23:58 By Kevin Townsend Researchers have discovered that a prompt can be disguised as an url, and accepted by Atlas as an url in the omnibox. The post OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks Read More »

$1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal

$1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal 2025-10-25 at 23:58 By Eduard Kovacs WhatsApp told SecurityWeek that the two low-impact vulnerabilities cannot be used for arbitrary code execution.  The post $1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal appeared first on SecurityWeek. This article

$1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal Read More »

Critical Windows Server WSUS Vulnerability Exploited in the Wild 

Critical Windows Server WSUS Vulnerability Exploited in the Wild  2025-10-24 at 17:56 By Eduard Kovacs CVE-2025-59287 allows a remote, unauthenticated attacker to execute arbitrary code and a PoC exploit is available. The post Critical Windows Server WSUS Vulnerability Exploited in the Wild  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Critical Windows Server WSUS Vulnerability Exploited in the Wild  Read More »

Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta

Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta 2025-10-24 at 12:43 By Eduard Kovacs Questions have been raised over the technical viability of the purported WhatsApp exploit, but the researcher says he wants to keep his identity private. The post Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta appeared first on SecurityWeek. This

Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta Read More »

Scroll to Top