Victoria Dubranova faces over 25 years in prison for links to Russia-backed CARR and NoName hacktivist groups. The post US Indicts Extradited Ukrainian on Charges of Aiding Russian Hacking Groups appeared first on SecurityWeek.
Three security vulnerabilities have been disclosed in the Peripheral Component Interconnect Express (PCIe) Integrity and Data Encryption (IDE) protocol specification that could expose a local attacker to serious risks. The flaws impact PCIe Base Specification Revision 5.0 and onwards in the protocol mechanism introduced by the IDE Engineering Change NoticeRead More »Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling
GeminiJack is a zero-click Gemini attack that could have been exploited using specially crafted emails, calendar invites, or documents. The post Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data appeared first on SecurityWeek.
The two security defects impact FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO login authentication enabled. The post Fortinet Patches Critical Authentication Bypass Vulnerabilities appeared first on SecurityWeek.
The FBI is warning of AI-assisted fake kidnapping scams: Criminal actors typically will contact their victims through text message claiming they have kidnapped their loved one and demand a ransom be paid for their release. Oftentimes, the criminal actor will express significant claims of violence towards the loved one ifRead More »FBI Warns of Fake Video Scams
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-6218 (CVSS score: 7.8), is a path traversal bug that could enableRead More »Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups
Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations, your identities, and your code. Standard security tools often miss these threats because they look like normal activity. To stop them, you need to see exactly how these attacksRead More »Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes
The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges. The post Ivanti EPM Update Patches Critical Remote Code Execution Flaw appeared first on SecurityWeek.
Affecting Solution Manager, Commerce Cloud, and jConnect SDK, the bugs could lead to code injection and remote code execution. The post SAP Patches Critical Vulnerabilities With December 2025 Security Updates appeared first on SecurityWeek.
Dozens of vulnerabilities have been patched by the industrial giants across their products. The post ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider appeared first on SecurityWeek.
