Unpatched Gogs Zero-Day Exploited for Months
The exploited flaw allows attackers to overwrite files outside the repository, leading to remote code execution.
The post Unpatched Gogs Zero-Day Exploited for Months appeared first on SecurityWeek.
Most of the 100 vulnerabilities resolved this week, including critical flaws, were in third-party dependencies.
The post IBM Patches Over 100 Vulnerabilities appeared first on SecurityWeek.
Victoria Dubranova faces over 25 years in prison for links to Russia-backed CARR and NoName hacktivist groups.
The post US Indicts Extradited Ukrainian on Charges of Aiding Russian Hacking Groups appeared first on SecurityWeek.
The two security defects impact FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO login authentication enabled.
The post Fortinet Patches Critical Authentication Bypass Vulnerabilities appeared first on SecurityWeek.
The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges.
The post Ivanti EPM Update Patches Critical Remote Code Execution Flaw appeared first on SecurityWeek.
Affecting Solution Manager, Commerce Cloud, and jConnect SDK, the bugs could lead to code injection and remote code execution.
The post SAP Patches Critical Vulnerabilities With December 2025 Security Updates appeared first on SecurityWeek.
The Experience Manager security update resolves 117 vulnerabilities, including 116 identified as cross-site scripting (XSS) bugs.
The post Adobe Patches Nearly 140 Vulnerabilities appeared first on SecurityWeek.
Microsoft has addressed a Windows vulnerability exploited as zero-day that allows attackers to obtain System privileges.
The post Microsoft Patches 57 Vulnerabilities, Three Zero-Days appeared first on SecurityWeek.
The US seeks information on the leader of Emennet Pasargad, Mohammad Bagher Shirinkar, and long-time employee Fatemeh Sedighian Kashi.
The post US Posts $10 Million Bounty for Iranian Hackers appeared first on SecurityWeek.
The botnet attempts to steal credentials from infected TBK DVR devices, in addition to abusing them to launch DDoS attacks.
The post New ‘Broadside’ Botnet Poses Risk to Shipping Companies appeared first on SecurityWeek.
The Italian startup will use the investment to build proprietary AI models, accelerate global expansion, and hire new talent.
The post Equixly Raises $11 Million for AI-Powered API Penetration Testing appeared first on SecurityWeek.
Chrome’s new agentic browsing protections include a user alignment critic, expanded origin-isolation capabilities, and user confirmations.
The post Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks appeared first on SecurityWeek.
The cybersecurity startup will use the investment to accelerate product development and fuel global expansion.
The post Resemble AI Raises $13 Million for AI Threat Detection appeared first on SecurityWeek.
Ransomware payments reached the highest level in 2023, at $1.1 billion paid in 1,512 reported incidents.
The post Ransomware Payments Surpassed $4.5 Billion: US Treasury appeared first on SecurityWeek.
The bug allows attackers to carry out XML External Entity (XXE) injection attacks via crafted XFA files inside PDF files.
The post Critical Apache Tika Vulnerability Leads to XXE Injection appeared first on SecurityWeek.
The cybersecurity startup detects impersonation risk in real-time, across video, phone, and chat communication.
The post Imper.ai Emerges From Stealth Mode With $28 Million in Funding appeared first on SecurityWeek.
Warp Panda has been using the BrickStorm, Junction, and GuestConduit malware in attacks against US organizations.
The post US Organizations Warned of Chinese Malware Used for Long-Term Persistence appeared first on SecurityWeek.
The startup will invest in expanding its engineering and research teams, deepening product integrations, and scaling go-to-market efforts.
The post Lumia Security Raises $18 Million for AI Security and Governance appeared first on SecurityWeek.
Helmet Security has built an end-to-end platform that secures the infrastructure for agentic AI communication.
The post Helmet Security Emerges From Stealth Mode With $9 Million in Funding appeared first on SecurityWeek.
Hackers stole the names, addresses, Social Security numbers, and financial and medical information of 9,542 people.
The post Inotiv Says Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.