High-Severity Vulnerabilities Patched in Chrome, Firefox 2025-08-20 at 11:19 By Ionut Arghire Google and Mozilla have released patches for multiple high-severity vulnerabilities affecting Chrome and Firefox. The post High-Severity Vulnerabilities Patched in Chrome, Firefox appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
High-Severity Vulnerabilities Patched in Chrome, Firefox Read More »
Watch Now: CodeSecCon – Where Software Security’s Next Chapter Unfolds (Virtual Event) 2025-08-16 at 16:58 By SecurityWeek News CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained. The post Watch Now: CodeSecCon – Where Software Security’s Next Chapter Unfolds (Virtual Event) appeared
Watch Now: CodeSecCon – Where Software Security’s Next Chapter Unfolds (Virtual Event) Read More »
Cisco Patches Critical Vulnerability in Firewall Management Platform 2025-08-15 at 10:48 By Eduard Kovacs Cisco has released over 20 advisories as part of its August 2025 bundled publication for ASA, FMC and FTD products. The post Cisco Patches Critical Vulnerability in Firewall Management Platform appeared first on SecurityWeek. This article is an excerpt from SecurityWeek
Cisco Patches Critical Vulnerability in Firewall Management Platform Read More »
Vulnerabilities in Xerox Print Orchestration Product Allow Remote Code Execution 2025-08-14 at 17:04 By Eduard Kovacs Path traversal and XXE injection flaws allowing unauthenticated remote code execution have been patched in Xerox FreeFlow Core. The post Vulnerabilities in Xerox Print Orchestration Product Allow Remote Code Execution appeared first on SecurityWeek. This article is an excerpt
Vulnerabilities in Xerox Print Orchestration Product Allow Remote Code Execution Read More »
‘MadeYouReset’ HTTP2 Vulnerability Enables Massive DDoS Attacks 2025-08-14 at 14:31 By Eduard Kovacs The new DDoS attack vector, which involves HTTP/2 implementation flaws, has been compared to Rapid Reset. The post ‘MadeYouReset’ HTTP2 Vulnerability Enables Massive DDoS Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
‘MadeYouReset’ HTTP2 Vulnerability Enables Massive DDoS Attacks Read More »
Vulnerabilities in MSP-friendly RMM solution exploited in the wild (CVE-2025-8875, CVE-2025-8876) 2025-08-14 at 13:33 By Zeljka Zorz Two vulnerabilities (CVE-2025-8875, CVE-2025-8876) in N-central, a remote monitoring and management (RMM) solution by N-able that’s popular with managed service providers, are being exploited by attackers. There are no public reports of exploitation, but the confirmation came from
Croatian research institute confirms ransomware attack via ToolShell vulnerabilities 2025-08-13 at 18:01 By Zeljka Zorz The Ruđer Bošković Institute (RBI), the largest Croatian science and technology research institute, has confirmed that it was the one of “at least 9,000 institutions worldwide” that were attacked using the Microsoft SharePoint “ToolShell” vulnerabilities. The attack happened on Thursday,
Croatian research institute confirms ransomware attack via ToolShell vulnerabilities Read More »
Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia 2025-08-13 at 15:35 By Eduard Kovacs Intel, AMD and Nvidia have published security advisories describing vulnerabilities found recently in their products. The post Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View
Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia Read More »
Microsoft Patches Over 100 Vulnerabilities 2025-08-13 at 07:02 By Eduard Kovacs Microsoft’s August 2025 Patch Tuesday updates address critical vulnerabilities in Windows, Office, and Hyper-V. The post Microsoft Patches Over 100 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Microsoft Patches Over 100 Vulnerabilities Read More »
CodeSecCon Is Today: Where Software Security’s Next Chapter Unfolds (Virtual Event) 2025-08-12 at 15:35 By SecurityWeek News Taking place August 12-13, CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained. The post CodeSecCon Is Today: Where Software Security’s Next Chapter Unfolds (Virtual
CodeSecCon Is Today: Where Software Security’s Next Chapter Unfolds (Virtual Event) Read More »
SAP Patches Critical S/4HANA Vulnerability 2025-08-12 at 14:42 By Eduard Kovacs SAP has released 15 new security notes on the August 2025 Patch Tuesday, including for critical vulnerabilities. The post SAP Patches Critical S/4HANA Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
SAP Patches Critical S/4HANA Vulnerability Read More »
Chrome Sandbox Escape Earns Researcher $250,000 2025-08-11 at 17:17 By Eduard Kovacs A researcher has been given the highest reward in Google’s Chrome bug bounty program for a sandbox escape with remote code execution. The post Chrome Sandbox Escape Earns Researcher $250,000 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original
Chrome Sandbox Escape Earns Researcher $250,000 Read More »
Win-DDoS: Attackers can turn public domain controllers into DDoS agents 2025-08-11 at 16:02 By Zeljka Zorz SafeBreach researchers have released details on several vulnerabilities that could be exploited by attackers to crash Windows Active Directory domain controllers (DCs), one one of which (CVE-2025-32724) can also be leveraged to force public DCs to participate in distributed
Win-DDoS: Attackers can turn public domain controllers into DDoS agents Read More »
WinRAR zero day exploited by RomCom hackers in targeted attacks 2025-08-11 at 12:55 By Sinisa Markovic ESET researchers have discovered a previously unknown vulnerability in WinRAR, exploited in the wild by Russia-aligned group RomCom. If you use WinRAR or related components such as the Windows versions of its command line tools, UnRAR.dll, or the portable
WinRAR zero day exploited by RomCom hackers in targeted attacks Read More »
CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds 2025-08-08 at 19:52 By SecurityWeek News Taking place August 12-13, CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained. The post CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds appeared first on SecurityWeek. This
CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds Read More »
SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls 2025-08-07 at 14:34 By Zeljka Zorz Akira ransomware affiliates are not leveraging an unknown, zero-day vulnerability in SonicWall Gen 7 firewalls to breach corporate networks, the security vendor shared today. “Instead, there is a significant correlation with threat activity related to CVE-2024-40766, which
Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment 2025-08-07 at 14:23 By Eduard Kovacs CISA and Microsoft have issued advisories for CVE-2025-53786, a high-severity flaw allowing privilege escalation in cloud environments. The post Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View
Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment Read More »
Adobe patches critical Adobe Experience Manager Forms vulnerabilities with public PoC 2025-08-06 at 16:33 By Zeljka Zorz Adobe has released an emergency security update for Adobe Experience Manager Forms on Java Enterprise Edition (JEE), which fix two critical vulnerabilities (CVE-2025-54253, CVE-2025-54254) with a publicly available proof-of-concept (PoC) exploit. Details about the flaws have been public
Adobe patches critical Adobe Experience Manager Forms vulnerabilities with public PoC Read More »
Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987) 2025-08-06 at 15:05 By Zeljka Zorz Unauthenticated command injection vulnerabilities (CVE-2025-54948, CVE-2025-54987) affecting the on-premise version of Trend Micro’s Apex One endpoint security platform are being probed by attackers, the company has warned on Wednesday. Unfortunately for those organizations that use it, a patch
Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987) Read More »
Flaws Expose 100 Dell Laptop Models to Implants, Windows Login Bypass 2025-08-06 at 14:57 By Ionut Arghire ReVault vulnerabilities in the ControlVault3 firmware in Dell laptops could lead to firmware modifications or Windows login bypass. The post Flaws Expose 100 Dell Laptop Models to Implants, Windows Login Bypass appeared first on SecurityWeek. This article is
Flaws Expose 100 Dell Laptop Models to Implants, Windows Login Bypass Read More »