CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code.
The post Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek.
Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking
The cybersecurity firm has not explicitly accused China of being behind the attack, but the evidence suggests it was.
The post Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking appeared first on SecurityWeek.
AI Coding Agents Could Fuel Next Supply Chain Crisis
“TrustFall” attack shows how AI coding agents can be manipulated into launching stealthy supply chain compromises.
The post AI Coding Agents Could Fuel Next Supply Chain Crisis appeared first on SecurityWeek.
Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion
Dragos has published a report describing how threat actors used Claude AI in an attack on a water and drainage utility in Mexico.
The post Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion appeared first on SecurityWeek.
Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
CVE-2026-0300 affects the Captive Portal service of PAN-OS software on PA and VM series firewalls.
The post Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls appeared first on SecurityWeek.
WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities
The vulnerabilities were reported to Meta through its bug bounty program and were patched with updates released earlier this year.
The post WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities appeared first on SecurityWeek.
Trellix Source Code Repository Breached
The cybersecurity firm’s investigation has not found any impact on its source code release or distribution process.
The post Trellix Source Code Repository Breached appeared first on SecurityWeek.
Exploitation of ‘Copy Fail’ Linux Vulnerability Begins
CISA has added the bug to its KEV list, and Microsoft has observed limited exploitation, mainly associated with PoC testing.
The post Exploitation of ‘Copy Fail’ Linux Vulnerability Begins appeared first on SecurityWeek.
Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats
Hackers disrupted services and stole names, email addresses, student ID numbers, and user messages.
The post Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats appeared first on SecurityWeek.
US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems
Google, Microsoft, Amazon Web Services, Nvidia, OpenAI, Reflection and SpaceX will provide resources to help augment warfighter decision-making in complex operational environments,” the Defense Department said.
The post US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems appeared first on SecurityWeek.
