A Google Chrome vulnerability allowing the leak of OAuth codes was added to the Known Exploited Vulnerabilities catalog by the Cybersecurity & Infrastructure Security Agency (CISA) on Thursday.The flaw, tracked as CVE-2025-4664, is due to insufficient policy enforcement in the Google Chrome Loader, Google said Wednesday.The vulnerability was discovered by security researcher Vsevolod Kokorin, who … Read more
Security pros warned that teams should patch a critical zero-day bug in SAP NetWeaver Visual Composer immediately after the Shadowserver Foundation found that more than 400 servers are exposed to potential attacks.Active exploitation of the vulnerability has already been confirmed, with risks including remote code execution and full system compromise. As of yesterday, 427 servers … Read more
Palo Alto Networks on Dec. 26 released a patch for a denial-of-service (DoS) flaw in the DNS security feature of the company’s PAN-OS firewall software. The high-severity 8.7 bug — CVE-2024-3393 — lets an unauthenticated attacker send a malicious packet through the data plane of the firewall that actually reboots the device. Palo Alto said … Read more
The Cybersecurity and Infrastructure Security Agency (CISA) on Nov. 7 warned that attackers are exploiting a Palo Alto Expedition missing authentication vulnerability that lets threat actors with network access takeover an Expedition admin account and access configuration secrets and credentials. Expedition is a Palo Alto migration tool that lets security teams convert firewall configurations from … Read more
Nearly three dozen flaws in open-source AI and machine learning (ML) tools were disclosed Tuesday as part of Protect AI’s huntr bug bounty program. The discoveries include three critical vulnerabilities: two in the Lunary AI developer toolkit and one in a graphical user interface (GUI) for ChatGPT called Chuanhu Chat. The October vulnerability report also … Read more