Google has rolled out a Chrome 136 update that resolves a high-severity vulnerability for which a public exploit exists.
The post Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’ appeared first on SecurityWeek.
Fortinet Patches Zero-Day Exploited Against FortiVoice Appliances
Fortinet has patched a dozen vulnerabilities, including a critical flaw exploited in the wild against FortiVoice instances.
The post Fortinet Patches Zero-Day Exploited Against FortiVoice Appliances appeared first on SecurityWeek.
Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers
Ivanti has released patches for two EPMM vulnerabilities that have been chained in the wild for remote code execution.
The post Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers appeared first on SecurityWeek.
Output Messenger Zero-Day Exploited by Turkish Hackers for Iraq Spying
A Turkey-affiliated espionage group has exploited a zero-day vulnerability in Output Messenger since April 2024.
The post Output Messenger Zero-Day Exploited by Turkish Hackers for Iraq Spying appeared first on SecurityWeek.
SAP Zero-Day Targeted Since January, Many Sectors Impacted
Hundreds of SAP NetWeaver instances hacked via a zero-day that allows remote code execution, not only arbitrary file uploads, as initially believed.
The post SAP Zero-Day Targeted Since January, Many Sectors Impacted appeared first on SecurityWeek.
Possible Zero-Day Patched in SonicWall SMA Appliances
SonicWall patches three SMA 100 vulnerabilities, including a potential zero-day, that could be chained to execute arbitrary code remotely.
The post Possible Zero-Day Patched in SonicWall SMA Appliances appeared first on SecurityWeek.
Improperly Patched Samsung MagicINFO Vulnerability Exploited by Botnet
The patches for an exploited Samsung MagicINFO vulnerability are ineffective and a Mirai botnet has started targeting it.
The post Improperly Patched Samsung MagicINFO Vulnerability Exploited by Botnet appeared first on SecurityWeek.
Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day
At least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft.
The post Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day appeared first on SecurityWeek.
Second OttoKit Vulnerability Exploited to Hack WordPress Sites
Threat actors are targeting a critical-severity vulnerability in the OttoKit WordPress plugin to gain administrative privileges.
The post Second OttoKit Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek.
Second Wave of Attacks Hitting SAP NetWeaver After Zero-Day Compromise
Threat actors are revisiting SAP NetWeaver instances to leverage webshells deployed via a recent zero-day vulnerability.
The post Second Wave of Attacks Hitting SAP NetWeaver After Zero-Day Compromise appeared first on SecurityWeek.