Apple has released iOS 26.1 and macOS Tahoe 26.1 with patches for over 100 vulnerabilities, including critical flaws.
The post Apple Patches 19 WebKit Vulnerabilities appeared first on SecurityWeek.
How Software Development Teams Can Securely and Ethically Deploy AI Tools
To deploy AI tools securely and ethically, teams must balance innovation with accountability—establishing strong governance, upskilling developers, and enforcing rigorous code reviews.
The post How Software Development Teams Can Securely and Ethically Deploy AI Tools appeared first on SecurityWeek.
Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities
The two bugs are high-severity type confusion and inappropriate implementation issues in the browser’s V8 JavaScript engine.
The post Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities appeared first on SecurityWeek.
CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog
Broadcom has updated its advisory on CVE-2025-41244 to mention the vulnerability’s in-the-wild exploitation.
The post CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog appeared first on SecurityWeek.
QNAP NetBak PC Agent Affected by Recent ASP.NET Core Vulnerability
The critical-severity flaw allows attackers to smuggle HTTP requests and access sensitive data, modify server files, or cause DoS conditions.
The post QNAP NetBak PC Agent Affected by Recent ASP.NET Core Vulnerability appeared first on SecurityWeek.
Year-Old WordPress Plugin Flaws Exploited to Hack Websites
Roughly 9 million exploit attempts were observed this month as mass exploitation of the critical vulnerabilities recommenced.
The post Year-Old WordPress Plugin Flaws Exploited to Hack Websites appeared first on SecurityWeek.
Chrome Zero-Day Exploitation Linked to Hacking Team Spyware
The threat actor behind Operation ForumTroll used the same toolset typically employed in Dante spyware attacks.
The post Chrome Zero-Day Exploitation Linked to Hacking Team Spyware appeared first on SecurityWeek.
$1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal
WhatsApp told SecurityWeek that the two low-impact vulnerabilities cannot be used for arbitrary code execution.
The post $1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal appeared first on SecurityWeek.
ChatGPT Atlas’ Omnibox Is Vulnerable to Jailbreaks
Researchers have discovered that a prompt can be disguised as an url, and accepted by Atlas as an url in the omnibox.
The post ChatGPT Atlas’ Omnibox Is Vulnerable to Jailbreaks appeared first on SecurityWeek.
Critical Windows Server WSUS Vulnerability Exploited in the Wild
CVE-2025-59287 allows a remote, unauthenticated attacker to execute arbitrary code and a PoC exploit is available.
The post Critical Windows Server WSUS Vulnerability Exploited in the Wild appeared first on SecurityWeek.