CISA warns organizations that threat actors are exploiting a critical-severity vulnerability in low-code AI builder Langflow.
The post Critical Vulnerability in AI Builder Langflow Under Attack appeared first on SecurityWeek.
Microsoft Warns of Attackers Exploiting Misconfigured Apache Pinot Installations
Misconfigured Apache Pinot instances can and have enabled threat actors to gain access to sensitive information.
The post Microsoft Warns of Attackers Exploiting Misconfigured Apache Pinot Installations appeared first on SecurityWeek.
Android Update Patches FreeType Vulnerability Exploited as Zero-Day
Android’s May 2025 security update includes patches for an exploited vulnerability in the FreeType open source rendering engine.
The post Android Update Patches FreeType Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.
Critical Commvault Vulnerability in Attacker Crosshairs
CISA has flagged a critical-severity Commvault vulnerability as exploited one week after technical details were released.
The post Critical Commvault Vulnerability in Attacker Crosshairs appeared first on SecurityWeek.
PoC Published for Exploited SonicWall Vulnerabilities
PoC code targeting two exploited SonicWall flaws was published just CISA added them to the KEV catalog.
The post PoC Published for Exploited SonicWall Vulnerabilities appeared first on SecurityWeek.
More Details Come to Light on Commvault Vulnerability Exploitation
Commvault has shared indicators of compromise associated with the exploitation of a vulnerability by state-sponsored hackers.
The post More Details Come to Light on Commvault Vulnerability Exploitation appeared first on SecurityWeek.
SonicWall Flags Two More Vulnerabilities as Exploited
SonicWall has updated the advisories for two vulnerabilities to warn that they are being exploited in the wild.
The post SonicWall Flags Two More Vulnerabilities as Exploited appeared first on SecurityWeek.
Exploited Vulnerability Exposes Over 400 SAP NetWeaver Servers to Attacks
More than 400 SAP NetWeaver servers are impacted by CVE-2025-31324, an exploited remote code execution vulnerability.
The post Exploited Vulnerability Exposes Over 400 SAP NetWeaver Servers to Attacks appeared first on SecurityWeek.
CISA Warns of Exploited Broadcom, Commvault Vulnerabilities
CISA urges immediate patching for recently disclosed Broadcom, Commvault, and Qualitia vulnerabilities exploited in the wild.
The post CISA Warns of Exploited Broadcom, Commvault Vulnerabilities appeared first on SecurityWeek.
Craft CMS Zero-Day Exploited to Compromise Hundreds of Websites
Threat actors have exploited a zero-day vulnerability in Craft CMS to execute PHP code on hundreds of websites.
The post Craft CMS Zero-Day Exploited to Compromise Hundreds of Websites appeared first on SecurityWeek.
