Report Finds Just 1% of Security Flaws Drive Most Cyberattacks in 2025
New VulnCheck research reveals that while thousands of CVEs are discovered yearly, only 1% drive real-world impact.
Vulnerability
Claude Code Flaws Exposed Developer Devices to Silent Hacking
Anthropic has patched vulnerabilities whose impact was demonstrated by Check Point via malicious configuration files.
The post Claude Code Flaws Exposed Developer Devices to Silent Hacking appeared first on SecurityWeek.
Zyxel Patches Critical Vulnerability in Many Device Models
The issue impacts the UPnP function of multiple device models and could be exploited for remote code execution.
The post Zyxel Patches Critical Vulnerability in Many Device Models appeared first on SecurityWeek.
Zyxel Vulnerabilities Allow Remote Attackers to Execute Commands via Command Injection
Zyxel has rolled out critical security patches for multiple vulnerabilities affecting its 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, Security Routers, and Wireless Extenders. The flaws range from null pointer dereferences causing Denial-of-Service…
ServiceNow AI Platform Vulnerability Allows Remote Code Execution
ServiceNow has disclosed a critical security vulnerability in its AI Platform that could allow unauthenticated attackers to remotely execute code within the ServiceNow Sandbox environment. Tracked as CVE-2026-0542, the flaw was formally published on Fe…
Trend Micro Patches Critical Apex One Vulnerabilities
TrendAI has fixed eight critical and high-severity issues in Windows and macOS endpoint security products.
The post Trend Micro Patches Critical Apex One Vulnerabilities appeared first on SecurityWeek.
Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers
Already added to CISA’s KEV catalog, the flaw allows attackers to bypass authentication and gain administrative privileges.
The post Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers appeared first on SecurityWeek.
Kali Linux Introduces Claude AI for Automated Penetration Testing Using Model Context Protocol
Offensive security operations are evolving with a new method for running Kali Linux. By combining Kali with Anthropic’s Claude AI via the Model Context Protocol (MCP), security analysts can now execute penetration testing tools using simple natural lan…
Critical Cisco SD-WAN 0-Day Exploited for Root Access in Active Cyberattacks
Cisco has released urgent updates to patch a critical zero-day vulnerability in its Catalyst SD-WAN products. A highly sophisticated threat actor, known as UAT-8616, is actively exploiting this flaw in the wild to gain deep access to enterprise network…
SolarWinds Patches Four Critical Serv-U Vulnerabilities
The four security defects could be exploited for remote code execution but require administrative privileges.
The post SolarWinds Patches Four Critical Serv-U Vulnerabilities appeared first on SecurityWeek.