Trend Micro has rushed to fix two Apex One zero-days that may have been exploited by Chinese threat actors.
The post Trend Micro Patches Apex One Vulnerabilities Exploited in Wild appeared first on SecurityWeek.
Android’s August 2025 Update Patches Exploited Qualcomm Vulnerability
Android’s light August 2025 security update resolves an Adreno GPU vulnerability confirmed as exploited in June.
The post Android’s August 2025 Update Patches Exploited Qualcomm Vulnerability appeared first on SecurityWeek.
Apple Patches Safari Vulnerability Flagged as Exploited Against Chrome
Tracked as CVE-2025-6558, the flaw was found in Chrome’s ANGLE and GPU components and was flagged as exploited by Google TAG.
The post Apple Patches Safari Vulnerability Flagged as Exploited Against Chrome appeared first on SecurityWeek.
Organizations Warned of Exploited PaperCut Flaw
Threat actors are exploiting a two-year-old vulnerability in PaperCut that allows them to execute arbitrary code remotely.
The post Organizations Warned of Exploited PaperCut Flaw appeared first on SecurityWeek.
Flaw Allowing Website Takeover Found in WordPress Plugin With 400k Installations
The Post SMTP email delivery WordPress plugin is affected by a critical vulnerability and half of websites using it remain unpatched.
The post Flaw Allowing Website Takeover Found in WordPress Plugin With 400k Installations appeared first on SecurityWeek.
ToolShell Attacks Hit 400+ SharePoint Servers, US Government Victims Named
More information has emerged on the ToolShell SharePoint zero-day attacks, including impact, victims, and threat actors.
The post ToolShell Attacks Hit 400+ SharePoint Servers, US Government Victims Named appeared first on SecurityWeek.
Hackers Start Exploiting Critical Cisco ISE Vulnerabilities
Cisco says it is aware of attempted exploitation of critical ISE vulnerabilities leading to unauthenticated remote code execution.
The post Hackers Start Exploiting Critical Cisco ISE Vulnerabilities appeared first on SecurityWeek.
CISA Warns of SysAid Vulnerability Exploitation
CISA has added two recent SysAid vulnerabilities, CVE-2025-2776 and CVE-2025-2775, to its KEV catalog.
The post CISA Warns of SysAid Vulnerability Exploitation appeared first on SecurityWeek.
Microsoft Says Chinese APTs Exploited ToolShell Zero-Days Weeks Before Patch
Microsoft says the Chinese threat actors Linen Typhoon, Violet Typhoon, and Storm-2603 have been exploiting the ToolShell zero-days.
The post Microsoft Says Chinese APTs Exploited ToolShell Zero-Days Weeks Before Patch appeared first on SecurityWeek.
ToolShell Zero-Day Attacks on SharePoint: First Wave Linked to China, Hit High-Value Targets
More details emerged on the ToolShell zero-day attacks targeting SharePoint servers, but confusion remains over the vulnerabilities.
The post ToolShell Zero-Day Attacks on SharePoint: First Wave Linked to China, Hit High-Value Targets appeared first on SecurityWeek.
