The Akira ransomware group took credit for the Fieldtex Products hack in November, claiming to have stolen 14 Gb of data.
The post Fieldtex Data Breach Impacts 238,000 appeared first on SecurityWeek.
Recent GeoServer Vulnerability Exploited in Attacks
Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request.
The post Recent GeoServer Vulnerability Exploited in Attacks appeared first on SecurityWeek.
MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities
XSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it to top 25.
The post MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities appeared first on SecurityWeek.
New Windows RasMan zero-day flaw gets free, unofficial patches
Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service. […]
Microsoft Bug Bounty Program Expanded to Third-Party Code
All critical vulnerabilities in Microsoft, third-party, and open source code are eligible for rewards if they impact Microsoft services.
The post Microsoft Bug Bounty Program Expanded to Third-Party Code appeared first on SecurityWeek.
Notepad++ Patches Updater Flaw After Reports of Traffic Hijacking
Notepad++ found a vulnerability in the way the software updater authenticates update files.
The post Notepad++ Patches Updater Flaw After Reports of Traffic Hijacking appeared first on SecurityWeek.
Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work
The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas. Employees are leveraging the power of GenAI to draft emails, summarize documents, work on code, and analyze data, often by copying/pasting sensitive information directly into prompts or uploading files.
Traditional
Traditional
CISA orders feds to patch actively exploited Geoserver flaw
CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. […]
New React RSC Vulnerabilities Enable DoS and Source Code Exposure
The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure.
The team said the issues were found by the security community while attempting to exploit the patches released for CVE-2025-55182 (CVSS score: 10.0), a critical bug in RSC that has since been weaponized in
The team said the issues were found by the security community while attempting to exploit the patches released for CVE-2025-55182 (CVSS score: 10.0), a critical bug in RSC that has since been weaponized in
MITRE shares 2025’s top 25 most dangerous software weaknesses
MITRE has shared this year’s top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. […]