More results...
A critical security flaw in the Azure API Management Developer Portal enables attackers to bypass administrator controls and register accounts across multiple tenants, even when user sign-up has been explicitly disabled. The vulnerability remains unpat…
Security researchers have uncovered three significant vulnerabilities in OpenVPN, one of the world’s most trusted open-source virtual private network (VPN) solutions. The discovered flaws could allow attackers to crash VPN services, bypass essent…
Google warns that two out of the 107 vulnerabilities patched in Android this month have been exploited in limited, targeted attacks.
The post Android’s December 2025 Updates Patch Two Zero-Days appeared first on SecurityWeek.
Google has released critical security patches addressing two high-severity zero-day vulnerabilities in Android that are currently being exploited in limited, targeted attacks. The vulnerabilities, disclosed in the December 2025 Android Security Bulleti…
A new security flaw has been found in Apache Struts, a popular open‑source web application framework used by many companies worldwide. The issue, tracked as CVE‑2025‑64775, could allow attackers to fill a server’s disk space, causing it to stop working…
OpenAI’s Codex CLI, a command-line tool designed to bring AI-powered reasoning into developer workflows, contains a critical vulnerability that allows attackers to execute arbitrary commands on developer machines without any user interaction or a…
Qualcomm Technologies, Inc. has issued an urgent security bulletin warning customers about multiple critical vulnerabilities affecting millions of devices worldwide. The most severe flaw threatens the secure boot process, a fundamental security mechani…
CISA has added CVE-2021-26829 to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack appeared first on SecurityWeek.
Security researchers have discovered that modern attackers are abandoning traditional offensive tools and instead weaponizing legitimate Windows utilities to conduct cyberattacks without triggering security alarms. This shift in tactics, known as ̶…
A critical security vulnerability has been discovered in Devolutions Server, a popular centralized password and privileged access management solution. The flaw, rated critical severity by experts, could allow attackers to steal sensitive data or modify…