§Source · SecurityWeek
SecurityWeek
Every dispatch we have aggregated from SecurityWeek.
All dispatches
Loading
§Source · SecurityWeek
Every dispatch we have aggregated from SecurityWeek.
All dispatchesEleven Microsoft-signed legacy UEFI shims can be abused to bypass Secure Boot, undermining platform integrity across devices.
Joint advisory warns state-sponsored actors are exploiting poorly secured routers across critical infrastructure, risking espionage and disruption.
Anthropic's Claude for Chrome extension has exploitable flaws enabling extensions to read Gmail, Docs, and Calendar data.
Google's Chrome 150 fixes 27 vulnerabilities, including 13 use-after-free bugs and two critical flaws.
KDDI data breach exploited a third-party zero-day, affecting roughly 12 million users' email accounts for ISPs.
Gitea flaw allows auth bypass via HTTP header, exposing repositories and secrets to attackers.
Januscape KVM vulnerability enables VM escape to execute code on hosts across Intel and AMD platforms.
Active exploitation of Adobe ColdFusion CVE-2026-48282 (CVSS 10.0) enables remote code execution on web servers.
Law enforcement and industry partners disrupted a vast proxy network, cutting off millions of compromised devices and reducing attack surface.
Major healthcare data breach exposed millions of patients’ personal and medical information, raising regulatory and patient-care risks.
CISA reports active exploitation of a patched SharePoint RCE; prioritize remediation across SharePoint servers.
Active exploitation of a Unified CM flaw confirmed with PoC activity; update and monitor for exploit attempts.
FortiBleed credential theft connected to INC and Lynx ransomware shows large-scale credential harvesting used for intrusions. Mitigations include credential hygiene and network segmentation.
CVE-led SimpleHelp vulnerability exploited to deliver malware and harvest credentials. Patch or upgrade to mitigate.
Critical flaw in Oracle E-Business Suite Payments component being exploited in the wild. Apply latest patches and monitor payment workflows.
Active exploitation of the Microsoft Defender privilege escalation flaw CVE-2026-33825 is fueling ransomware campaigns. Patches available; prioritise rapid remediation.
Get these articles delivered to your inbox.
Subscribe free