The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.

The post Lantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning appeared first on SecurityWeek.

The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects.

The post GitLab Patches Code Execution, Information Disclosure Vulnerabilities appeared first on SecurityWeek.

The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities.

The post 25-Year-Old Vulnerability Patched in Curl appeared first on SecurityWeek.

More than half of the bugs are use-after-free defects, which can potentially lead to remote code execution.

The post Chrome 149 Update Resolves 18 Severe Vulnerabilities appeared first on SecurityWeek.

CVE-2026-20245, the 7th Cisco SD-WAN vulnerability exploited in 2026, was used for months prior to its disclosure and patching.

The post Cisco SD-WAN Zero-Day Exploited Months Before Patching appeared first on SecurityWeek.

The new framework seeks to help security teams identify which software supply chain vulnerabilities pose the greatest operational, safety, and business risks in AI-driven environments.

The post Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk appeared first on SecurityWeek.

The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands.

The post Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek.

The security defects allow unauthenticated users to take control of the open source software supply chain.

The post Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking appeared first on SecurityWeek.

Cisco noted that a PoC had been available for CVE-2026-20230 when it announced patches in early June.

The post Hackers Exploiting Cisco Unified CM Vulnerability appeared first on SecurityWeek.

Come vulnerabilities were found within hours, but that does not mean the model was able to exploit them within that time, the official said.

The post Anthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official Says appeared first on SecurityWeek.

Attackers could abuse Dify's multi-tenant cloud service to read private chats, preview other tenants' documents, and reach internal APIs.

The post Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps appeared first on SecurityWeek.

The high-severity use-after-free vulnerability in Samsung's KNOX security framework affected Android-powered Galaxy devices from the S9 through S25.

The post Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks appeared first on SecurityWeek.

Attackers can send crafted media files to execute code in any application that uses FFmpeg’s libavcodec library.

The post FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances appeared first on SecurityWeek.

We tracked a cryptocurrency-mining campaign exploiting CVE-2026-33017, which revealed how threat actors are now scanning exposed AI application infrastructure for their next foothold.

Squidbleed, discovered with the aid of Claude Mythos Preview, has been described as a Heartbleed-style vulnerability. 

The post Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data appeared first on SecurityWeek.

Vulnerable WordPress plugin iterations leak API keys, secrets, tokens, server information, and other data.

The post Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data appeared first on SecurityWeek.

Other noteworthy stories that might have slipped under the radar: Android TV botnet Popa linked to Israeli firm, Velvet Ant maintained decade-long stealth, unpatched GCP Config Connector flaw enables takeover.

The post In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum appeared first on SecurityWeek.

CISA has given federal agencies only three days to patch CVE-2026-20253, which can be exploited for unauthenticated remote code execution.

The post Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure appeared first on SecurityWeek.

These servers are regularly targeted by China-linked UNC6508 for initial access and backdoor deployment.

The post Majority of Internet-Accessible REDCap Servers Outdated appeared first on SecurityWeek.

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

The post No Exploits Required appeared first on SecurityWeek.