The vulnerabilities could be exploited to cause a denial-of-service (DoS) condition, execute arbitrary code, or access arbitrary files and directories.
The post SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance appeared first on SecurityWeek.
SquareX claims to have found a way to abuse a hidden Comet API to execute local commands, but Perplexity says the research is fake.
The post SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability appeared first on SecurityWeek.
Researchers demonstrated a now-patched vulnerability that could have been used to enumerate all WhatsApp accounts.
The post Vulnerability Allowed Scraping of 3.5 Billion WhatsApp Accounts appeared first on SecurityWeek.
A proof-of-concept (PoC) exploit targeting the high-severity remote code execution (RCE) bug exists.
The post Recent 7-Zip Vulnerability Exploited in Attacks appeared first on SecurityWeek.
SolarWinds Serv-U is affected by vulnerabilities that can be exploited for remote code execution.
The post SolarWinds Patches Three Critical Serv-U Vulnerabilities appeared first on SecurityWeek.
An OS command injection flaw, the exploited zero-day allows attackers to execute arbitrary code on the underlying system.
The post Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week appeared first on SecurityWeek.
The total amount of money given to bug bounty hunters by the social media giant has reached $25 million.
The post Meta Paid Out $4 Million via Bug Bounty Program in 2025 appeared first on SecurityWeek.
The flaw was reported by Google’s Threat Analysis Group and was likely exploited by a commercial spyware vendor.
The post Chrome 142 Update Patches Exploited Zero-Day appeared first on SecurityWeek.
The exploitation of the recent XWiki vulnerability has expanded to botnets, cryptocurrency miners, scanners, and custom tools.
The post Widespread Exploitation of XWiki Vulnerability Observed appeared first on SecurityWeek.
Security firms say the flaw has been actively exploited for weeks, even as Fortinet quietly shipped fixes and CISA added the bug to its KEV catalog.
The post Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability appeared first on SecurityWeek.
