vulnerability

Chrome 142 Update Patches High-Severity Flaws

2025-11-07 at 12:35 By Ionut Arghire

An out-of-bounds write flaw in WebGPU tracked as CVE-2025-12725 could be exploited for remote code execution. The post Chrome 142 Update Patches High-Severity Flaws appeared first on SecurityWeek.

Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354)

2025-11-06 at 17:16 By Zeljka Zorz

Cisco has fixed two critical vulnerabilities (CVE-2025-20358, CVE-2025-20354) affecting Unified Contact Center Express (UCCX), which may allow attackers to bypass authentication, compromise vulnerable installations, and elevate privileges to root. The good news is that there is currently no evidence of

Cisco Patches Critical Vulnerabilities in Contact Center Appliance

2025-11-06 at 14:50 By Ionut Arghire

The flaws allow attackers to execute arbitrary code remotely and elevate their privileges to root on an affected system. The post Cisco Patches Critical Vulnerabilities in Contact Center Appliance appeared first on SecurityWeek.

Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703)

2025-11-05 at 14:59 By Zeljka Zorz

On Tuesday, CISA added two vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-11371, which affects Gladinet’s CentreStack and Triofox file-sharing and remote access platforms, and CVE-2025-48703, a vulnerability in Control Web Panel (CWP), a web hosting control panel designed for

Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks

2025-11-04 at 18:39 By Eduard Kovacs

Arbitrary command/code execution has been demonstrated through the exploitation of CVE-2025-11953 on Windows, macOS and Linux. The post Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks appeared first on SecurityWeek.

Apple Patches 19 WebKit Vulnerabilities 

2025-11-04 at 13:25 By Ionut Arghire

Apple has released iOS 26.1 and macOS Tahoe 26.1 with patches for over 100 vulnerabilities, including critical flaws. The post Apple Patches 19 WebKit Vulnerabilities appeared first on SecurityWeek.

Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities

2025-11-03 at 12:27 By Ionut Arghire

The two bugs are high-severity type confusion and inappropriate implementation issues in the browser’s V8 JavaScript engine. The post Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities appeared first on SecurityWeek.

Unpatched Windows vulnerability continues to be exploited by APTs (CVE-2025-9491)

2025-10-31 at 17:09 By Zeljka Zorz

A Windows vulnerability (CVE-2025-9491, aka ZDI-CAN-25373) that state-sponsored threat actors and cybercrime groups have been quietly leveraging since at least 2017 continues to be exploited for attacks. “Arctic Wolf Labs assesses with high confidence that [the campaign they detected]

XWiki Vulnerability Exploited in Cryptocurrency Mining Operation

2025-10-29 at 12:54 By Ionut Arghire

Exploits have been available publicly for over half a year, but the bug was previously targeted only for reconnaissance. The post XWiki Vulnerability Exploited in Cryptocurrency Mining Operation appeared first on SecurityWeek.

PoC code drops for remotely exploitable BIND 9 DNS flaw (CVE-2025-40778)

2025-10-28 at 19:27 By Zeljka Zorz

A high-severity vulnerability (CVE-2025-40778) affecting BIND 9 DNS resolvers could be leveraged by remote, unauthenticated attackers to manipulate DNS entries via cache poisoning, allowing them to redirect Internet traffic to potentially malicious sites, distribute malware, or intercept network

Year-Old WordPress Plugin Flaws Exploited to Hack Websites

2025-10-27 at 12:57 By Ionut Arghire

Roughly 9 million exploit attempts were observed this month as mass exploitation of the critical vulnerabilities recommenced. The post Year-Old WordPress Plugin Flaws Exploited to Hack Websites appeared first on SecurityWeek.

OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks

2025-10-25 at 23:58 By Kevin Townsend

Researchers have discovered that a prompt can be disguised as a URL, and accepted by Atlas as a URL in the omnibox. The post OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks appeared first on SecurityWeek.

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)

2025-10-24 at 15:38 By Zeljka Zorz

Microsoft has released an out-of-band security update that “comprehensively” addresses CVE-2025-59287, a remote code execution vulnerability in the Windows Server Update Services (WSUS) that is reportedly being exploited in the wild. About CVE-2025-59287 WSUS is a tool that helps

Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236)

2025-10-23 at 14:39 By Zeljka Zorz

Attackers are trying to exploit CVE-2025-54236, a critical vulnerability affecting Adobe Commerce and Magento Open Source, Sansec researchers have warned. The company blocked over 250 exploitation attempts targeting multiple stores on Wednesday, and expects the attacks to continue at pace. About

BIND Updates Address High-Severity Cache Poisoning Flaws

2025-10-23 at 13:31 By Ionut Arghire

The vulnerabilities allow attackers to predict source ports and query IDs BIND will use, and to inject forged records into the cache. The post BIND Updates Address High-Severity Cache Poisoning Flaws appeared first on SecurityWeek.

Lanscope Endpoint Manager Zero-Day Exploited in the Wild

2025-10-23 at 13:05 By Ionut Arghire

The bug has been exploited in the wild as a zero-day and the US cybersecurity agency CISA has added it to its KEV catalog. The post Lanscope Endpoint Manager Zero-Day Exploited in the Wild appeared first on SecurityWeek.

TARmageddon Flaw in Popular Rust Library Leads to RCE

2025-10-22 at 20:40 By Ionut Arghire

The vulnerability impacts multiple Rust tar parsers, allowing attackers to smuggle additional archive entries. The post TARmageddon Flaw in Popular Rust Library Leads to RCE appeared first on SecurityWeek.

Critical Vulnerabilities Patched in TP-Link’s Omada Gateways

2025-10-22 at 17:12 By Eduard Kovacs

One of the flaws can be exploited by remote unauthenticated attackers for arbitrary command execution. The post Critical Vulnerabilities Patched in TP-Link’s Omada Gateways appeared first on SecurityWeek.

Over 73,000 WatchGuard Firebox Devices Impacted by Recent Critical Flaw

2025-10-21 at 13:46 By Ionut Arghire

Affecting the Fireware OS iked process, the vulnerability can lead to remote code execution and does not require authentication. The post Over 73,000 WatchGuard Firebox Devices Impacted by Recent Critical Flaw appeared first on SecurityWeek.