Vulnerabilities
Juniper Networks has patched two dozen vulnerabilities in Junos OS and Junos OS Evolved, and dozens of flaws in Junos Space third-party dependencies.
Hi, what are you looking for?
SecurityWeek
Email Security
Akamai documents a privilege escalation flaw in Windows Server 2025 after Redmond declines to ship an immediate patch.
Network Security
Cisco published 10 security advisories detailing over a dozen vulnerabilities, including two high-severity flaws in its Identity Services Engine (ISE) and Unified Intelligence Center.
Vulnerabilities
GitLab and Atlassian have released patches for over a dozen vulnerabilities in their products, including high-severity bugs.
Malware & Threats
Russian military intelligence hackers intensify targeting of Western logistics and technology companies moving supplies into Ukraine.
Vulnerabilities
CISA has added fresh CentreStack and Windows CLFS vulnerabilities to the Known Exploited Vulnerabilities catalog.
Vulnerabilities
Ivanti, VMware, and Zoom released fixes for dozens of vulnerabilities in their products on April 2025 Patch Tuesday.
Vulnerabilities
Fortinet fixes a critical-severity bug in FortiSwitch that could allow an attacker to modify administrative passwords.
Malware & Threats
Patch Tuesday: Microsoft ships urgent cover for another WIndows CLFS vulnerability already exploited in the wild.
Malware & Threats
The Adobe Patch Tuesday rollout covers 54 vulnerabilities, including code execution issues in the oft-targeted Adobe ColdFusion software.
Vulnerabilities
SAP released 20 security notes on April 2025 patch day, including three addressing critical code injection and authentication bypass flaws.
Vulnerabilities
An update for the WhatsApp desktop app for Windows patches CVE-2025-30401, a spoofing vulnerability that could be used to trick users.
Vulnerabilities
A sophisticated APT tracked as ToddyCat has exploited an ESET DLL search order hijacking vulnerability for malware delivery.
Vulnerabilities
More than 5,000 Ivanti Connect Secure appliances are vulnerable to attacks exploiting CVE-2025-22457, which has been used by Chinese hackers.
Vulnerabilities
NIST has marked pre-2018 CVEs in NVD as ‘Deferred’ and will no longer spend resources on enriching them.
Vulnerabilities
A critical vulnerability in Apache Parquet can be exploited to execute arbitrary code remotely, leading to complete system compromise.
Vulnerabilities
An unauthenticated SQL injection vulnerability in Halo ITSM could have been exploited to read, modify, or insert data.
Vulnerabilities
Two CVEs now exist for an actively exploited CrushFTP vulnerability and much of the security industry is using the ‘wrong one’.
Vulnerabilities
Cisco fixes two high-severity denial-of-service vulnerabilities in Meraki devices and Enterprise Chat and Email.
Vulnerabilities
Google’s patches for Quick Share for Windows vulnerabilities leading to remote code execution were incomplete and could be easily bypassed.
Artificial Intelligence
DeepMind found that current AI frameworks are ad hoc, not systematic, and fail to provide defenders with useful insights.
Vulnerabilities
Chrome 135 and Firefox 137 were released on Tuesday with fixes for several high-severity memory safety vulnerabilities.
Artificial Intelligence
Using the Security Copilot tool, Microsoft discovered 20 critical vulnerabilities in widely deployed open-source bootloaders.
Malware & Threats
An undocumented remote access backdoor in the Unitree Go1 Robot Dog allows remote control over the tunnel network and use of the vision cameras...
Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.
RegisterLearn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.
RegisterExpert Insights
In the end, cybersecurity isn’t just about collecting data. It’s about proving that your defenses actually work.
(Torsten George)
Despite massive investment, the explosion of sophisticated malware and deepfake attacks persists because organizations struggle to verify digital identities and establish fundamental trust.
(Stu Sjouwerman)
Trying to block AI tools outright is a losing strategy. SaaS and AI are increasingly inseparable, and AI isn’t limited to tools like ChatGPT or Copilot anymore.
(Alastair Paterson)
CTI, digital brand protection and other cyber risk initiatives shouldn’t only be utilized by security and cyber teams.
(Marc Solomon)
Sightline Security’s founder explains why nonprofits need cybersecurity solutions tailored to their unique missions — and why vendors need to listen.
(Jennifer Leggio)