Picklescan Vulnerabilities Could Let Hackers Bypass AI Security Checks
Sonatype researchers uncover critical vulnerabilities in picklescan. Learn how these flaws impact AI model security, Hugging Face, and…
Vulnerability
Zoom Patches 4 High-Severity Vulnerabilities
Zoom has patched five vulnerabilities in its applications, including four high-severity flaws.
The post Zoom Patches 4 High-Severity Vulnerabilities appeared first on SecurityWeek.
CISA Issues Advisory on Windows NTFS Flaw Enabling Local Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding a significant vulnerability in the Microsoft Windows New Technology File System (NTFS). This security flaw, identified as CVE-2025-24993, involves a heap-…
Fortinet Patches 18 VulnerabilitiesÂ
Fortinet has published 17 new advisories to inform customers about 18 vulnerabilities patched in its products.
The post Fortinet Patches 18 Vulnerabilities appeared first on SecurityWeek.
CISA Warns of Exploitable Fast FAT Vulnerability in Microsoft Windows
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical vulnerability in the Microsoft Windows Fast FAT File System Driver. This vulnerability, identified as CVE-2025-24985, poses a significant threat as it…
The Rising Threat of API Attacks: How to Secure Your APIs in 2025
API attacks are constantly on the rise, with a recent alarming study showing that 59% of organizations give…
March 2025 Patch Tuesday: Microsoft Fixes 57 Vulnerabilities, 7 Zero-Days
Microsoft’s March 2025 Patch Tuesday fixes six actively exploited zero-day vulnerabilities, including critical RCE and privilege escalation flaws. Learn how these vulnerabilities impact Windows systems and why immediate patching is essential.
Java Axios Package Vulnerability Threatens Millions of Servers with SSRF Exploit
A critical security issue has been identified in the Axios package for JavaScript, which poses significant risks to millions of servers due to server-side request forgery (SSRF) and credential leakage. This vulnerability occurs when absolute URLs are u…
Microsoft Patch Tuesday March 2025 – 6 Actively Exploited Zero-Days & 57 Vulnerabilities Are Fixed
Microsoft has rolled out its March 2025 Patch Tuesday update, addressing a total of 57 vulnerabilities across its software ecosystem, including 6 actively exploited Zero-day vulnerabilities. This release includes fixes for: Issued on the second Tuesday…
PHP XXE Injection Vulnerability Allows Attackers to Access Config Files & Private Keys
A newly uncovered XML External Entity (XXE) injection vulnerability in PHP has demonstrated how attackers can bypass multiple security mechanisms to access sensitive configuration files and private keys. The vulnerability, detailed by web application s…