The nation-state-grade iOS exploit kit targets 23 vulnerabilities affecting iOS 13 to 17.2.1.
The post CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List appeared first on SecurityWeek.
Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises
Less than half of the total zero-days have been attributed to a threat actor, but spyware vendors and China are in the lead.
The post Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises appeared first on SecurityWeek.
Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the Wild
The networking giant has added the recently patched CVE-2026-20128 and CVE-2026-20122 to the list of exploited vulnerabilities.
The post Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the Wild appeared first on SecurityWeek.
Cisco Patches Critical Vulnerabilities in Enterprise Networking Products
Cisco has rolled out patches for 48 vulnerabilities in Firewall ASA, Secure FMC, and Secure FTD products.
The post Cisco Patches Critical Vulnerabilities in Enterprise Networking Products appeared first on SecurityWeek.
Critical FreeScout Vulnerability Leads to Full Server Compromise
A patch bypass for an authenticated code execution bug, the flaw leads to zero-click remote code execution attacks.
The post Critical FreeScout Vulnerability Leads to Full Server Compromise appeared first on SecurityWeek.
VMware Aria Operations Vulnerability Exploited in the Wild
The recently patched CVE-2026-22719 can be exploited by an unauthenticated attacker for remote code execution.
The post VMware Aria Operations Vulnerability Exploited in the Wild appeared first on SecurityWeek.
Honeywell, Researcher Clash Over Impact of Building Controller Vulnerability
The researcher says he has identified thousands of internet-exposed IQ4 building management controllers.
The post Honeywell, Researcher Clash Over Impact of Building Controller Vulnerability appeared first on SecurityWeek.
Android Update Patches Exploited Qualcomm Zero-Day
An integer overflow or wraparound in the Qualcomm graphics component, the bug leads to memory corruption.
The post Android Update Patches Exploited Qualcomm Zero-Day appeared first on SecurityWeek.
Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise
Improper input sanitization in the framework can be exploited through the Shell tool, allowing attackers to modify system files and steal data.
The post Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise appeared first on SecurityWeek.
Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant
Malicious extensions could hijack the Gemini Live in Chrome feature to spy on users and steal their files.
The post Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant appeared first on SecurityWeek.