SecurityWeek

Recent RoundCube Webmail Vulnerability Exploited in Attacks

The US cybersecurity agency CISA on Friday warned of two RoundCube Webmail vulnerabilities being exploited in the wild. Prevalent within government and enterprise networks, RoundCube Webmail is a ...
SecurityWeek

CISA Warns of Exploited SolarWinds, Notepad++, Microsoft Vulnerabilities

CISA has expanded its KEV catalog with new SolarWinds, Notepad++, and Apple flaws, including two exploited as zero-days.
WeLiveSecurity

RomCom exploits Firefox and Windows zero days in the wild

ESET researchers discovered a previously unknown vulnerability in Mozilla products, exploited in the wild by Russia-aligned group RomCom. This is at least the second time that RomCom has been caught ...

Exploit available for new Chrome zero-day vulnerability, says Google

Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT ...
CIO Dive

Software vulnerabilities are being weaponized faster than ever

Threat groups are exploiting a small percentage of critical flaws well before security teams can mitigate, a VulnCheck report shows.

Anthropic's Claude Code Security is available now after finding 500+ vulnerabilities: how security leaders should respond

Anthropic's Claude Opus 4.6 surfaced 500+ high-severity vulnerabilities that survived decades of expert review. Fifteen days later, they shipped Claude Code Security. Here's what reasoning-based ...
Hosted on MSN

'You can now jailbreak your AMD CPU' — Google researchers release kit to exploit microcode vulnerability in Ryzen Zen 1 to Zen 4 chips

A team of Google researchers working with AMD recently discovered a major CPU exploit on Zen-based processors. The exploit allows anyone with local admin privileges to write and push custom microcode ...
TechRepublic

Threat Actors Are Exploiting Vulnerabilities Faster Than Ever

New research by cybersecurity firm Mandiant provides eyebrow-raising statistics on the exploitation of vulnerabilities by attackers, based on an analysis of 138 different exploited vulnerabilities ...
Dark Reading

Vulnerability Exploitation Is Shifting in 2024-25

The number of vulnerabilities exploited by threat actors may be holding steady, but the types of targeted flaws and the speed with which attackers are weaponizing them should give enterprises concern.
Ars Technica

Attackers exploit critical Zimbra vulnerability using cc’d email addresses

Attackers are actively exploiting a critical vulnerability in mail servers sold by Zimbra in an attempt to remotely execute malicious commands that install a backdoor, researchers warn. The ...
Cyber Defense Magazine

Reachability and Exploitability

Software today is built at a speed and scale we’ve never seen before. Teams release updates weekly, sometimes daily, and they ...
WeLiveSecurity

Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android

ESET researchers discovered a zero-day exploit that targets Telegram for Android, which appeared for sale for an unspecified price in an underground forum post from June 6 th, 2024. Using the exploit ...