Can your defenses withstand the biggest attacks of Summer 2025? From Interlock’s FileFix to Qilin, Scattered Spider, and ToolShell exploits—simulate them all against your organization’s defenses with Picus Security Validation Platform to find gaps before attackers do. […]
Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild
Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild.
The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6), by the chipmaker back in June 2025.
CVE-2025-21479
The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6), by the chipmaker back in June 2025.
CVE-2025-21479
Cisco Says User Data Stolen in CRM Hack
Cisco has disclosed a data breach affecting Cisco.com user accounts, including names, email address, and phone numbers.
The post Cisco Says User Data Stolen in CRM Hack appeared first on SecurityWeek.
Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval
Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor Cursor that could result in remote code execution.
The vulnerability, tracked as CVE-2025-54136 (CVSS score: 7.2), has been codenamed MCPoison by Check Point Research, owing to the fact that it exploits a quirk in the way the software handles modifications to Model
The vulnerability, tracked as CVE-2025-54136 (CVSS score: 7.2), has been codenamed MCPoison by Check Point Research, owing to the fact that it exploits a quirk in the way the software handles modifications to Model
Cisco discloses data breach impacting Cisco.com user accounts
Cisco has disclosed that cybercriminals stole the basic profile information of users registered on Cisco.com following a voice phishing (vishing) attack that targeted a company representative. […]
Black Hat USA 2025 – Summary of Vendor Announcements (Part 1)
Many companies are showcasing their products and services this week at the 2025 edition of the Black Hat conference in Las Vegas.
The post Black Hat USA 2025 – Summary of Vendor Announcements (Part 1) appeared first on SecurityWeek.
Vibe Coding: When Everyone’s a Developer, Who Secures the Code?
As AI makes software development accessible to all, security teams face a new challenge: protecting applications built by non-developers at unprecedented speed and scale.
The post Vibe Coding: When Everyone’s a Developer, Who Secures the Code? appeared first on SecurityWeek.
SonicWall urges admins to disable SSLVPN amid rising attacks
SonicWall has warned customers to disable SSLVPN services due to ransomware gangs potentially exploiting an unknown security vulnerability in SonicWall Gen 7 firewalls to breach networks over the past few weeks. […]
Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks
In SaaS security conversations, “misconfiguration” and “vulnerability” are often used interchangeably. But they’re not the same thing. And misunderstanding that distinction can quietly create real exposure.
This confusion isn’t just semantics. It reflects a deeper misunderstanding of the shared responsibility model, particularly in SaaS environments where the line between vendor and customer
This confusion isn’t just semantics. It reflects a deeper misunderstanding of the shared responsibility model, particularly in SaaS environments where the line between vendor and customer
Approov Raises $6.7 Million for Mobile App Security
Approov has raised $6.7 million in Series A funding to advance its mobile application and API security solutions.
The post Approov Raises $6.7 Million for Mobile App Security appeared first on SecurityWeek.