vulnerability

Security gap in Perplexity’s Comet browser exposed users to system-level attacks

2025-11-20 at 17:56, by Zeljka Zorz

There is a serious security problem inside Comet, the AI-powered agentic browser made by Perplexity, SquareX researchers say: Comet’s MCP API allows the browser’s built-in (but hidden from the user) extensions to issue commands directly to a user’s […]

Recent 7-Zip Vulnerability Exploited in Attacks

2025-11-20 at 13:09, by Ionut Arghire

A proof-of-concept (PoC) exploit targeting the high-severity remote code execution (RCE) bug exists. The post Recent 7-Zip Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

SolarWinds Patches Three Critical Serv-U Vulnerabilities

2025-11-20 at 09:32, by Eduard Kovacs

SolarWinds Serv-U is affected by vulnerabilities that can be exploited for remote code execution. The post SolarWinds Patches Three Critical Serv-U Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

7-Zip vulnerability is being actively exploited, NHS England warns (CVE-2025-11001)

2025-11-19 at 16:46, by Zeljka Zorz

NHS England Digital, the technology arm of the publicly-funded health service for England, has issued a warning about a 7-Zip vulnerability (CVE-2025-11001) being exploited by attackers. “Active exploitation of CVE-2025-11001 has been observed in the wild,” the alert says,

Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034)

2025-11-19 at 13:47, by Zeljka Zorz

Attackers are actively exploiting another FortiWeb vulnerability (CVE-2025-58034) that Fortinet fixed without making its existence public at the time.

About CVE-2025-58034

CVE-2025-58034 is an OS Command Injection flaw caused by improper neutralization of special elements. It allows authenticated attackers to execute unauthorized

Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week

2025-11-19 at 11:49, by Ionut Arghire

An OS command injection flaw, the exploited zero-day allows attackers to execute arbitrary code on the underlying system. The post Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Imunify360 Vulnerability Could Expose Millions of Sites to Hacking

2025-11-14 at 15:22, by Eduard Kovacs

A vulnerability in ImunifyAV can be exploited for arbitrary code execution by uploading a malicious file to shared servers. The post Imunify360 Vulnerability Could Expose Millions of Sites to Hacking appeared first on SecurityWeek. This article is an excerpt from

A suspected Fortinet FortiWeb zero-day is actively exploited, researchers warn

2025-11-14 at 14:10, by Zeljka Zorz

A suspected (but currently unidentified) zero-day vulnerability in Fortinet FortiWeb is being exploited by unauthenticated attackers to create new admin accounts on vulnerable, internet-facing devices. Whether intentionally or accidentally, the vulnerability (or this specific path for triggering it) has

ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure

2025-11-13 at 17:50, by Eduard Kovacs

A researcher found a way to exploit an SSRF vulnerability related to custom GPTs to obtain an Azure access token. The post ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

“Patched” but still exposed: US federal agencies must remediate Cisco flaws (again)

2025-11-13 at 17:14, by Zeljka Zorz

CISA has ordered US federal agencies to fully address two actively exploited vulnerabilities (CVE-2025-20333, CVE-2025-20362) in Cisco Adaptive Security Appliances (ASA) and Firepower firewalls. “In CISA’s analysis of agency-reported data, CISA has identified devices marked as ‘patched’

Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases

2025-11-13 at 07:38, by Ionut Arghire

Google and Mozilla have released fresh Chrome and Firefox updates that address multiple high-severity security defects. The post Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases appeared first on SecurityWeek. This article is an excerpt

High-Severity Vulnerabilities Patched by Ivanti and Zoom

2025-11-12 at 14:44, by Ionut Arghire

Ivanti and Zoom resolved security defects that could lead to arbitrary file writes, elevation of privilege, code execution, and information disclosure. The post High-Severity Vulnerabilities Patched by Ivanti and Zoom appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Microsoft Patches Actively Exploited Windows Kernel Zero-Day

2025-11-11 at 23:07, by Eduard Kovacs

Microsoft’s latest Patch Tuesday updates address more than 60 vulnerabilities in Windows and other products. The post Microsoft Patches Actively Exploited Windows Kernel Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042)

2025-11-11 at 17:38, by Zeljka Zorz

CISA has added CVE-2025-21042, a vulnerability affecting Samsung mobile devices, to its Known Exploited Vulnerabilities (KEV) catalog, and has ordered US federal civilian agencies to address it by the start of December. “This type of vulnerability is a frequent attack

SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager

2025-11-11 at 16:59, by Ionut Arghire

Hardcoded credentials in SQL Anywhere Monitor could allow attackers to execute arbitrary code on vulnerable deployments. The post SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland

2025-11-10 at 16:49, by Ionut Arghire

Multiple vulnerabilities across QNAP’s portfolio could lead to remote code execution, information disclosure, and denial-of-service (DoS) conditions. The post QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Runc Vulnerabilities Can Be Exploited to Escape Containers

2025-11-10 at 16:29, by Eduard Kovacs

The flaws tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 have been patched. The post Runc Vulnerabilities Can Be Exploited to Escape Containers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Two New Web Application Risk Categories Added to OWASP Top 10

2025-11-10 at 15:21, by Ionut Arghire

OWASP has added two new categories to the revised version of its Top 10 list of the most critical risks to web applications. The post Two New Web Application Risk Categories Added to OWASP Top 10 appeared first

Data Exposure Vulnerability Found in Deep Learning Tool Keras

2025-11-07 at 15:41, by Ionut Arghire

The vulnerability is tracked as CVE-2025-12058 and it can be exploited for arbitrary file loading and conducting SSRF attacks. The post Data Exposure Vulnerability Found in Deep Learning Tool Keras appeared first on SecurityWeek. This article is an excerpt from
