Vulnerabilities

Flaws in Major Automaker’s Dealership Systems Allowed Car Hacking, Personal Data Theft

2025-08-11 at 14:46, by Eduard Kovacs. A researcher has demonstrated how a platform used by over 1,000 dealerships in the US could have been used to hack cars. The post Flaws in Major Automaker’s Dealership Systems Allowed Car Hacking, Personal Data Theft appeared […]


CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds

2025-08-08 at 19:52, by SecurityWeek News. Taking place August 12-13, CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained. The post CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds appeared first on SecurityWeek. This


Echoes in the Shell: Legacy Tooling Behind Ongoing SharePoint ‘ToolShell’ Exploitation

2025-08-08 at 19:08, by Serhii Melnyk, Cris Tomboc, King Orande. The Trustwave SpiderLabs CTI team began correlating telemetry from multiple enterprise environments in response to a rapidly developing threat landscape involving the widespread exploitation of Microsoft SharePoint on-premises infrastructure. In this blog, we share


How Legacy Manufacturing Systems Make a Hacker’s Job Easy

2025-08-07 at 16:06, by Karl Sigler. Outdated manufacturing systems are an easy target for ransomware, crippling production lines. Securing legacy systems is critical to avoid costly business disruption and data breaches. Phishing is the main entry for attackers in manufacturing, leading to 87% of all incidents.


Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment

2025-08-07 at 14:23, by Eduard Kovacs. CISA and Microsoft have issued advisories for CVE-2025-53786, a high-severity flaw allowing privilege escalation in cloud environments. The post Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View


New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites

2025-08-07 at 12:46, by Eduard Kovacs. A desync attack method leveraging HTTP/1.1 vulnerabilities impacted many websites and earned researchers more than $200,000 in bug bounties. The post New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites appeared first on SecurityWeek.


Trend Micro Patches Apex One Vulnerabilities Exploited in Wild

2025-08-06 at 18:08, by Eduard Kovacs. Trend Micro has rushed to fix two Apex One zero-days that may have been exploited by Chinese threat actors. The post Trend Micro Patches Apex One Vulnerabilities Exploited in Wild appeared first on SecurityWeek. This article is an excerpt from


Microsoft Paid Out $17 Million in Bug Bounties in Past Year

2025-08-06 at 17:34, by Ionut Arghire. Microsoft handed out $17 million in rewards to 344 security researchers through its bug bounty programs over the past year. The post Microsoft Paid Out $17 Million in Bug Bounties in Past Year appeared first on SecurityWeek. This


Ox Security Launches AI Agent That Auto-Generates Code to Fix Vulnerabilities

2025-08-06 at 16:45, by Kevin Townsend. An AI extension to the Ox Security platform automatically generates organization-specific code to fix vulnerabilities in the codebase. The post Ox Security Launches AI Agent That Auto-Generates Code to Fix Vulnerabilities appeared first on SecurityWeek. This article


Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC

2025-08-06 at 13:18, by Ionut Arghire. Adobe has released urgent security updates to resolve two AEM Forms vulnerabilities for which proof-of-concept (PoC) code exists. The post Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC appeared first on SecurityWeek. This article is


Inside Silver Fox’s Den: Trustwave SpiderLabs Unmasks a Global Threat Actor

2025-08-05 at 17:20 By Trustwave SpiderLabs’ latest research details the advanced persistent threat (APT) campaigns conducted by Silver Fox group, a significant and evolving threat actor. The likely China-based threat group primarily targets Chinese-speaking organizations. Trustwave SpiderLabs examines the tools, techniques, and procedures (TTPs)


Understanding DocumentDB’s Network Security Trade-offs: The VPC Challenge

2025-08-05 at 17:20, by Selam Gebreananeya. AWS DocumentDB by default is securely isolated within a VPC, unreachable from the public internet. What could be more secure? This security architecture can create unexpected challenges and complexity. The root cause? The very VPC isolation designed to protect DocumentDB can


Vibe Coding: When Everyone’s a Developer, Who Secures the Code?

2025-08-05 at 16:42, by Kevin Townsend. As AI makes software development accessible to all, security teams face a new challenge: protecting applications built by non-developers at unprecedented speed and scale. The post Vibe Coding: When Everyone’s a Developer, Who Secures the Code? appeared first on


Microsoft Offers $5 Million at Zero Day Quest Hacking Contest

2025-08-05 at 11:38, by Ionut Arghire. Research demonstrating high-impact cloud and AI security flaws will be rewarded at Microsoft’s Zero Day Quest competition in spring 2026. The post Microsoft Offers $5 Million at Zero Day Quest Hacking Contest appeared first on SecurityWeek. This article is


SonicWall Hunts for Zero-Day Amid Surge in Firewall Exploitation

2025-08-05 at 10:58, by Ionut Arghire. Threat actors might be exploiting a zero-day vulnerability in SonicWall firewalls in a fresh wave of ransomware attacks. The post SonicWall Hunts for Zero-Day Amid Surge in Firewall Exploitation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


Nvidia Triton Vulnerabilities Pose Big Risk to AI Models

2025-08-04 at 21:22, by Eduard Kovacs. Nvidia has patched over a dozen vulnerabilities in Triton Inference Server, including another set of vulnerabilities that threaten AI systems. The post Nvidia Triton Vulnerabilities Pose Big Risk to AI Models appeared first on SecurityWeek. This article is an excerpt


Several Vulnerabilities Patched in AI Code Editor Cursor 

2025-08-04 at 13:24, by Ionut Arghire. Attackers could silently modify sensitive MCP files to trigger the execution of arbitrary code without requiring user approval. The post Several Vulnerabilities Patched in AI Code Editor Cursor appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original


Microsoft Boosts .NET Bounty Program Rewards to $40,000

2025-08-01 at 16:01, by Ionut Arghire. Valid, complete reports detailing remote code execution or elevation of privilege bugs in .NET qualify for the maximum rewards. The post Microsoft Boosts .NET Bounty Program Rewards to $40,000 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View


$1 Million Offered for WhatsApp Exploit at Pwn2Own Ireland 2025

2025-08-01 at 10:07, by Eduard Kovacs. Meta is sponsoring ZDI’s Pwn2Own hacking competition, where participants can earn big prizes for smartphone, WhatsApp and wearable device exploits. The post $1 Million Offered for WhatsApp Exploit at Pwn2Own Ireland 2025 appeared first on SecurityWeek. This article is


Back Up With Care, But Neglecting Patches can Leave You in Despair!

2025-07-31 at 23:23, by Rox Harvey Rosales. CVE-2024-7348, which was discovered by Noah Misch, is a race condition vulnerability affecting multiple versions of PostgreSQL when using the `pg_dump` utility. An attacker with sufficient privileges can exploit this vulnerability to execute arbitrary SQL commands

