eWeek

This AI Tool Can Plan and Execute Penetration Tests on Its Own

An AI-powered penetration testing tool is automating offensive cybersecurity, accelerating vulnerability discovery and ...
Bleeping Computer

New macOS zero-day bug lets attackers run commands remotely

Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run commands on Macs running any macOS version up to the latest release, Big ...
Bleeping Computer

Ivanti warns of Connect Secure zero-days exploited in attacks

Ivanti has disclosed two Connect Secure (ICS) and Policy Secure (IPS) zero-days exploited by suspected Chinese hackers in the wild that can let remote attackers execute arbitrary commands on targeted ...
Ars Technica

Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation

Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer network-attached storage devices manufactured by D-Link, researchers said Monday. Roughly 92,000 ...

39C3: Security researcher hijacks AI coding assistants with prompt injection

At 39C3, Johann Rehberger showed how easily AI coding assistants can be hijacked. Many vulnerabilities have been fixed, but ...
Threat Post

Critical Cisco Bugs Open VPN Routers to Cyberattacks

The company’s RV line of small-business routers contains 15 different security vulnerabilities, some unpatched, that could enable everything from RCE to corporate network access and denial-of-service ...
Dark Reading

Zimbra RCE Vuln Under Attack Needs Immediate Patching

Attackers are actively targeting a severe remote code execution vulnerability that Zimbra recently disclosed in its SMTP server, heightening the urgency for affected organizations to patch vulnerable ...
Threat Post

Zero-Click Wormable RCE Vulnerability in Cisco Jabber Gets Fixed, Again

A series of bugs, patched in September, still allow remote code execution by attackers. Cisco Systems released an updated patch for a critical vulnerability in its video and instant messaging platform ...
Ars Technica

Unpatched MacOS vulnerability lets remote attackers execute code

A code execution bug in Apple's macOS allows remote attackers to run arbitrary commands on your device. And the worst part is, Apple hasn't fully patched it yet, as tested by Ars. Independent security ...
The Register on MSN

React2Shell exploitation spreads as Microsoft counts hundreds of hacked machines

Security boffins warn flaw is now being used for ransomware attacks against live networks Microsoft says attackers have already compromised "several hundred machines across a diverse set of ...
Dark Reading

Patch Now: Cisco Zero-Day Under Fire From Chinese APT

Cisco has patched a command-line injection flaw in a network management platform used to manage switches in data centers, which, according to researchers from Sygnia, already has been exploited by the ...