SecurityWeek13h
Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum
Exploits swirling for remote code execution vulnerability (CVE-2025-24813) in open-source Apache Tomcat web server.
SecurityWeek18h
Nvidia Patches Vulnerabilities That Could Let Hackers Exploit AI Services
Vulnerabilities in Nvidia Riva could allow hackers to abuse speech and translation AI services that are typically expensive.
SecurityWeek18h
Microsoft 365 Targeted in New Phishing, Account Takeover Attacks
Threat actors are abusing Microsoft 365 infrastructure in a BEC campaign, and target its users in two brand impersonation ...
SecurityWeek21h
Popular GitHub Action Targeted in Supply Chain Attack
The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.
SecurityWeek19h
100 Car Dealerships Hit by Supply Chain Attack
The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.
SecurityWeek15h
8,000 New WordPress Vulnerabilities Reported in 2024
Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes.
SecurityWeek13h
NIST Announces HQC as Fifth Standardized Post Quantum Algorithm
The National Institute of Standards and Technology (NIST) has selected a fifth algorithm (HQC) to add to its PQC portfolio.
SecurityWeek6d
UK Government Report Calls for Stronger Open Source Supply Chain Security Practices
A UK government analysis of current best practices for OSS and supply chain risk management finds weaknesses in current ...
SecurityWeek5d
US Hasn’t Determined Who Was Behind Cyberattack That Caused Outage on Musk’s X
US officials said they have not determined who was behind an apparent cyberattack on the social media platform X.
SecurityWeek5d
China’s Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days
The existence of Volt Typhoon came to light in May 2023, when Microsoft reported that the group, which the tech giant linked ...
SecurityWeek5d
Trump Administration Halts Funding for Two Cybersecurity Efforts, Including One for Elections
The Trump administration has cut millions of dollars in federal funding from two cybersecurity initiatives, including one ...
SecurityWeek5d
Zoom Patches 4 High-Severity Vulnerabilities
Zoom has patched five vulnerabilities in its Workplace and Rooms applications, including four high-severity flaws.