More results...
Grafana Labs has released critical security patches addressing a severe vulnerability in its SCIM provisioning feature that could allow attackers to escalate privileges or impersonate users. The flaw, tracked as CVE-2025-41115 with a CVSS score of 10.0…
Security researchers have identified a dangerous flaw in the Windows Graphics Component that enables attackers to seize complete control of computers using nothing more than a crafted image file. The vulnerability, tracked as CVE-2025-50165, represents…
There is a serious security problem inside Comet, the AI-powered agentic browser made by Perplexity, SquareX researchers say: Comet’s MCP API allows the browser’s built-in (but hidden from the user) extensions to issue commands directly to a user…
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as CVE-2025-13223…
SquareX warns Perplexity’s Comet AI browser contains a hidden MCP API that bypasses security, allowing attackers to install malware and seize full device control.
noBGP has launched pi GPT, a groundbreaking integration that transforms Raspberry Pi devices into ChatGPT-controlled development and production environments. The new tool eliminates the complexity of traditional networking, allowing developers to write…
The United States, Australia, and the United Kingdom have announced coordinated sanctions against Media Land, a Russia-based bulletproof hosting provider, and related entities for supporting ransomware operations and other cybercrimes. The Department o…
A proof-of-concept (PoC) exploit targeting the high-severity remote code execution (RCE) bug exists.
The post Recent 7-Zip Vulnerability Exploited in Attacks appeared first on SecurityWeek.
A critical authentication bypass vulnerability in the Milvus vector database could allow attackers to gain administrative access without credentials. The flaw exists in how the Milvus Proxy component handles HTTP headers, treating user-controlled data …
Twonky Server version 8.5.2 contains two critical authentication bypass vulnerabilities that allow unauthenticated attackers to steal administrator credentials and take complete control of the media server. Security researchers at Rapid7 discovered tha…