Tag

Security Vulnerability

All articles tagged with #security vulnerability

technology1 month ago•34 min saved

Apple Alerts 800 Million iPhone Users to Critical WebKit Flaw

Apple warns of two critical WebKit flaws that could let hackers take control of iPhones or iPads via malicious websites. A patch is available in iOS 26.2 / iPadOS 26.2, but with roughly 800 million devices still unpatched, many users remain at risk. The most vulnerable models include iPhone 11 and newer and various iPad generations. The recommended defense is updating to the latest software (automatic updates should already protect most users; otherwise, manually install iOS 26.2).

via Yahoo|

#apple #ios-262 #iphone

network-security1 month ago•2 min saved

Cisco Patches Critical ISE Security Flaw Following Public Exploit

Cisco has released patches for a medium-severity security flaw in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) following the public release of a proof-of-concept exploit, which could allow attackers with administrative credentials to access sensitive information. The vulnerability affects multiple Cisco versions, and users are urged to update to the latest releases as no workarounds are available. Additionally, fixes have been provided for two other medium-severity bugs impacting Cisco products like Cisco Secure Firewall and Cisco IOS XE.

via The Hacker News|

#cisco #ise #network-security

technology1 month ago•1 min saved

IBM Issues Warning Over Critical API Connect Authentication Flaw

IBM has disclosed a critical security flaw in API Connect (CVE-2025-13915) that allows remote attackers to bypass authentication and gain unauthorized access. The vulnerability affects specific versions and is rated 9.8/10 on CVSS. Users are advised to apply the available fixes promptly or disable self-service sign-up to mitigate risks.

via The Hacker News|

#api-connect #authentication-bypass #cve-2025-13915

database-security1 month ago•2 min saved

Active Exploitation of Critical MongoDB Vulnerability CVE-2025-14847

A critical vulnerability in MongoDB, CVE-2025-14847, allows unauthenticated attackers to remotely leak sensitive data by exploiting a flaw in zlib compression, with over 87,000 instances potentially affected worldwide. Users are advised to update their MongoDB versions and implement mitigations such as disabling zlib compression and restricting server exposure.

via The Hacker News|

#cve-2025-14847 #data-leak #database-security

technology1 month ago•2 min saved

MongoBleed Vulnerability in MongoDB Now Actively Exploited in the Wild

A critical security flaw called MongoBleed (CVE-2025-14847) in MongoDB servers is actively exploited in the wild, allowing attackers to leak sensitive data through malformed network packets before authentication, affecting many versions and exposing approximately 87,000 vulnerable instances worldwide. Immediate patching and monitoring are recommended.

via CybersecurityNews|

#cve-2025-14847 #data-leak #mongobleed

technology2 months ago•2 min saved

MongoBleed Exploit Tool Released for Critical MongoDB Vulnerability

A PoC exploit called 'mongobleed' has been released for a critical MongoDB vulnerability (CVE-2025-14847) that allows attackers to remotely extract sensitive uninitialized memory data through a flaw in zlib decompression handling, prompting urgent patching and security measures.

via CybersecurityNews|

#cve-2025-14847 #exploit-tool #memory-leak

technology2 months ago•3 min saved

Critical LangChain Vulnerabilities Threaten AI System Security

A critical security flaw in LangChain Core (CVE-2025-68664) allows attackers to exploit serialization injection to steal secrets and manipulate LLM responses, prompting urgent updates to affected versions to mitigate risks.

via The Hacker News|

#cve-2025-68664 #langchain #prompt-injection

technology2 months ago•1 min saved

MongoDB Urges Immediate Patch for Critical RCE and Data Leak Vulnerabilities

MongoDB has issued an urgent warning to patch a severe remote code execution vulnerability (CVE-2025-14847) affecting multiple versions of its database software. The flaw, due to improper handling of length parameters, allows unauthenticated attackers to execute arbitrary code. Admins are advised to upgrade to patched versions immediately or disable zlib compression to mitigate the risk. The vulnerability has been actively exploited in the past, emphasizing the need for prompt action.

via BleepingComputer|

#cve-2025-14847 #mongodb #patch-update

technology4 months ago•1 min saved

QNAP Alerts Users to Critical ASP.NET Vulnerability in Backup Software

QNAP has issued a warning about a critical security flaw in its Windows backup software and NetBak PC Agent, related to the CVE-2025-55315 vulnerability in ASP.NET Core, which could allow attackers to hijack credentials or bypass security controls. Users are advised to update their ASP.NET Core runtime or reinstall the affected applications to mitigate risks. This follows previous security updates QNAP released for other vulnerabilities in its backup solutions.

via BleepingComputer|

#aspnet-core #backup-software #cve-2025-55315

technology4 months ago•4 min saved

Security Concerns Rise as New AI Browsers and ChatGPT Atlas Emerge

OpenAI's ChatGPT Atlas browser is vulnerable to prompt injection attacks where malicious URLs disguised as harmless links can trick the AI into executing harmful commands or redirecting users to malicious sites, highlighting ongoing security challenges in AI-enabled browsers.

via The Hacker News|

#ai-browser #chatgpt-atlas #malicious-urls

technology4 months ago•2 min saved

Microsoft Releases Urgent Patch for Active Windows Server WSUS Exploits

Microsoft has issued an emergency security update for Windows Server due to a critical vulnerability (CVE-2025-59287) that is actively being exploited in attacks, with CISA warning federal agencies to apply the update immediately to prevent remote code execution and system compromise.

via Forbes|

#cve-2025-59287 #cybersecurity #security-vulnerability

security4 months ago•3 min saved

Active Exploitation of Critical Windows Server WSUS Vulnerability Prompts Urgent Patch

A critical vulnerability in Microsoft Windows Server Update Services (WSUS), tracked as CVE-2025-59287, has been exploited by attackers shortly after an emergency patch was issued. The flaw allows remote code execution and affects Windows Server versions 2012-2025. Despite Microsoft releasing a fix, security researchers warn that the patch may not fully mitigate the risk, and exploitation activity has been observed, especially targeting exposed WSUS instances. Experts advise organizations to ensure their systems are properly patched and not exposed to the internet to prevent compromise.

via theregister.com|

#cve-2025-59287 #exploitation #patch-update

technology4 months ago•1 min saved

TARmageddon: Major Security Flaw in Popular Rust Library

A critical security vulnerability named TARmageddon (CVE-2025-62518) has been disclosed in the popular Rust async-tar library and its forks, allowing remote code execution through file overwriting, despite Rust's usual safety guarantees. The vulnerability affects downstream projects like uv Python package manager, and patching efforts are underway due to the lack of upstream maintenance for some forks.

via Phoronix|

#async-tar #remote-code-execution #rust

technology4 months ago•1 min saved

Google Patches 'Pixnapping' Android Attack Stealing 2FA and Messages

Google has addressed a security vulnerability called 'Pixnapping' that could allow malicious apps to steal sensitive data from secure apps on Android devices, including Pixel and Samsung Galaxy models. A partial fix was rolled out in September, with a further patch expected in December to fully resolve the issue, which involves exploiting Android's Intent system and GPU side channels.

via 9to5Google|

#android #december-update #google-patch

technology4 months ago•2 min saved

Microsoft Strengthens IE Mode Security Following Zero-Day Attacks

Microsoft has enhanced the security of IE mode in its Edge browser after reports of hackers exploiting legacy features to gain unauthorized access, involving social engineering and unpatched exploits in Internet Explorer's JavaScript engine. The company has removed automatic IE mode activation, requiring users to explicitly enable it for specific sites, aiming to balance legacy support with security.

via The Hacker News|

#cybersecurity #edge-browser #ie-mode