More results...
A suspected (but currently unidentified) zero-day vulnerability in Fortinet FortiWeb is being exploited by unauthenticated attackers to create new admin accounts on vulnerable, internet-facing devices. Whether intentionally or accidentally, the vulnera…
A vulnerability in ImunifyAV can be exploited for arbitrary code execution by uploading a malicious file to shared servers.
The post Imunify360 Vulnerability Could Expose Millions of Sites to Hacking appeared first on SecurityWeek.
The Washington Post disclosed a significant data breach affecting more than 9,700 employees and contractors following an external system compromise targeting its Oracle E-Suite infrastructure. The breach, which occurred on July 10, 2025, went undetecte…
A critical Remote Code Execution vulnerability has been patched in Imunify360 AV, a security product protecting approximately 56 million websites worldwide. Hosting companies must apply the patch immediately to prevent potential server compromises. The…
Payment processor Checkout.com recently experienced a data breach after being targeted by the cybercrime group “ShinyHunters.” The attackers accessed old data stored in a third-party cloud system. Luckily, Checkout.com’s live payment processing environ…
Palo Alto Networks has disclosed a denial-of-service vulnerability in its PAN-OS software that allows attackers to force firewalls into unexpected reboots using specially crafted network packets. The flaw, tracked as CVE-2025-4619, affects multiple ver…
A critical zero-day vulnerability in Fortinet FortiWeb has been actively exploited in the wild, allowing attackers to gain complete administrator access without any prior authentication. The flaw affects Fortinet’s Web Application Firewall, which…
A fast-spreading threat, known as the screen-sharing scam, is using a simple feature on WhatsApp to steal money…
A researcher found a way to exploit an SSRF vulnerability related to custom GPTs to obtain an Azure access token.
The post ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure appeared first on SecurityWeek.
CISA has ordered US federal agencies to fully address two actively exploited vulnerabilities (CVE-2025-20333, CVE-2025-20362) in Cisco Adaptive Security Appliances (ASA) and Firepower firewalls. “In CISA’s analysis of agency-reported data, CISA h…