More results...
A recent campaign has targeted improperly secured Open WebUI systems, allowing threat actors to deploy malicious artificial intelligence payloads. Open WebUI is a highly popular self-hosted interface designed to enhance large language models. Shodan sc…
The SharePoint remote code execution vulnerability CVE-2026-20963, which Microsoft patched in January, has been exploited in the wild.
The post CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability appeared first on SecurityWeek.
Amazon found evidence that the FMC software vulnerability has been exploited since late January, and found links to Russia.
The post Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks appeared first on SecurityWeek.
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies and organizations using the …
ConnectWise has released a critical security update for its ScreenConnect remote desktop software to address a severe vulnerability that allows attackers to hijack user sessions. The flaw, which compromises the protection of server-level cryptographic …
Google Threat Intelligence Group (GTIG) has uncovered a highly sophisticated iOS full-chain exploit dubbed DarkSword. Active since November 2025, this exploit leverages multiple zero-day vulnerabilities to compromise Apple devices running iOS 18.4 thro…
Security research has uncovered an active Interlock ransomware campaign exploiting a critical zero-day vulnerability in Cisco Secure Firewall Management Centre (FMC) software. Utilizing this unauthenticated remote code execution flaw via the Amazon Mad…
Researchers detail “Claudy Day” flaws in Claude AI that could enable data theft using fake Google Ads, hidden…
Apple has released emergency security updates to address a critical WebKit vulnerability that currently exposes iPhone, iPad, and Mac users to sophisticated content-based bypass attacks. Delivered seamlessly via the Background Security Improvements mec…
Cybersecurity researchers have a detailed a critical security flaw in Fortinet’s FortiClient Enterprise Management Server (EMS). Tracked as CVE-2026-21643, this severe pre-authentication SQL injection vulnerability carries a near-maximum CVSS severity …