39 links
tagged with all of: vulnerability + cybersecurity
Links
A critical flaw in Commvault's software has been discovered, allowing attackers to gain full control over affected systems. This vulnerability poses significant risks to data security and emphasizes the need for immediate updates and patches by users.
A critical vulnerability in the Telemessage SGNL messaging platform is being actively exploited by attackers, posing significant security risks to users. The flaw allows unauthorized access to sensitive data, urging users to update their systems and take precautionary measures immediately. Cybersecurity experts are warning about the potential for widespread abuse of this vulnerability if not addressed promptly.
Researchers at ETH Zurich have introduced Phoenix, a novel Rowhammer attack targeting DDR5 memory that can manipulate data, steal encryption keys, and escalate privileges by exploiting weaknesses in the memory's TRR mechanism. This attack highlights ongoing vulnerabilities in memory security despite manufacturer defenses and emphasizes the need for improved countermeasures. The study also underscores that Rowhammer attacks remain a significant threat across different generations of memory modules.
A new vulnerability database launched by the EU aims to complement the existing Common Vulnerabilities and Exposures (CVE) program rather than compete with it, according to ENISA. This initiative is intended to improve the identification and management of security vulnerabilities across the EU.
The article serves as a buyer's guide for external attack surface management, providing insights on how organizations can identify and mitigate vulnerabilities in their digital environment. It emphasizes the importance of understanding the potential risks associated with external assets and offers recommendations for selecting appropriate tools and services.
Hackers have exploited a remote code execution vulnerability (CVE-2025-20352) in Cisco networking devices to deploy rootkits targeting unprotected Linux systems. The attacks, tracked as 'Operation Zero Disco', involved the use of compromised Cisco devices to manipulate logs and network configurations, posing significant risks even to newer switches due to persistent targeting. Currently, there are no reliable tools to detect these compromises, making low-level investigations essential for suspected breaches.
A critical vulnerability in Citrix NetScaler, tracked as CVE-2025-6543, has been exploited to breach multiple critical organizations in the Netherlands, allowing attackers to achieve remote code execution. The Netherlands' National Cyber Security Centre warns that the flaw, initially thought to cause denial of service attacks, has been actively exploited since early May, with successful attacks resulting in the erasure of evidence. Organizations are urged to upgrade their systems to mitigate risks associated with this zero-day vulnerability.
A critical vulnerability in Microsoft's SharePoint, tracked as CVE-2025-53770, is being actively exploited, allowing unauthenticated remote code execution on affected servers. The vulnerability has led to significant incidents, including breaches in multiple organizations, with estimates of compromised systems rising to 400. Government and private sectors are currently grappling with the fallout from this mass exploitation.
Over 73,000 WatchGuard Firebox devices are vulnerable to a critical flaw that allows remote code execution without authentication. The issue affects devices running the Fireware OS, with many remaining unpatched despite the release of updates a month prior.
The article discusses a critical vulnerability identified in NVIDIA's software, designated CVE-2025-23266, which poses significant risks to AI systems using NVIDIA hardware. It highlights the implications of this vulnerability, potential exploits, and the necessity for immediate patching by users to safeguard their systems.
A critical vulnerability in file transfer protocols has been exploited, leading the Cybersecurity and Infrastructure Security Agency (CISA) to issue an alert. The flaw allows unauthorized access and potential data breaches, prompting organizations to update their systems and mitigate risks immediately.
The article discusses the EPSS (Exploit Prediction Scoring System) Pulse, a tool designed to help organizations assess their vulnerability to cyber threats. It emphasizes the importance of using predictive analytics to prioritize vulnerabilities based on their likelihood of being exploited. By leveraging EPSS, businesses can enhance their cybersecurity strategies and reduce risks effectively.
ReconPro is a web reconnaissance tool tailored for cybersecurity professionals and bug bounty hunters, offering a collection of curated Google dorks categorized by vulnerability type and risk level. It features a user-friendly interface with presets for common scenarios, responsive design, and local storage, enabling efficient security assessments. Users are encouraged to contribute dorks and improvements while ensuring compliance with legal regulations.
Researchers have released proof-of-concept exploits for the CitrixBleed2 vulnerability (CVE-2025-5777) affecting Citrix NetScaler devices, which can allow attackers to steal user session tokens through malformed POST requests. Despite Citrix's claims that the flaw is not actively exploited, evidence from cybersecurity experts suggests that attacks have been occurring since mid-June. Organizations are urged to apply patches immediately to mitigate the risk.
Recent attacks linked to Chinese hacking groups have exploited a zero-day vulnerability in Microsoft SharePoint, breaching numerous organizations globally. The vulnerabilities, identified as CVE-2025-49706 and CVE-2025-49704, were actively targeted by multiple threat actors, prompting Microsoft and CISA to release emergency patches and recommend immediate action for affected entities.
CISA has released an analysis detailing malware used in attacks exploiting vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), specifically an authentication bypass and a code injection issue. The vulnerabilities, already being exploited by a China-nexus espionage group, allow for arbitrary code execution and data exfiltration. CISA recommends immediate patching of affected systems and treating mobile device management solutions as high-value assets.
A critical vulnerability in the Bluetooth Low Energy interface of Unitree robots allows attackers to take complete control, potentially creating a wormable botnet. Discovered by security researchers, this exploit affects multiple models and highlights ongoing security lapses in Unitree's firmware, raising concerns about the robots' deployment in sensitive environments. Despite attempts at responsible disclosure, Unitree has been unresponsive, prompting researchers to publicize the issue.
CISA has issued a warning about a high-severity arbitrary code execution vulnerability in the Git version control system, tracked as CVE-2025-48384, which is being actively exploited by hackers. Federal agencies must apply patches by September 15th or take alternative security measures. Additionally, two Citrix Session Recording vulnerabilities have also been added to the Known Exploited Vulnerabilities catalog, with the same deadline for remediation.
A critical vulnerability in the widely used Sudo program has been identified, allowing attackers to gain unauthorized root access on affected systems. The Cybersecurity and Infrastructure Security Agency (CISA) is urging users to apply the necessary patches to mitigate potential exploitation of this flaw. Organizations are advised to prioritize updates to prevent security breaches.
Google is leveraging AI to enhance cybersecurity defenses, focusing on key areas such as agentic capabilities, new security models, and public-private collaborations. Notable advancements include the AI agent Big Sleep, which identifies vulnerabilities, and new tools like Timesketch and FACADE that streamline forensic investigations and insider threat detection. The company emphasizes safe and responsible AI deployment to reshape the future of cybersecurity.
A critical vulnerability known as "Happy Dom" has been identified, affecting various systems and applications due to improper handling of user input. Exploitation of this vulnerability could lead to unauthorized access and data breaches, prompting urgent updates and patches from developers to secure affected systems.
A critical remote code execution vulnerability (CVE-2025-3248) in Langflow has been actively exploited, allowing attackers to gain full control of vulnerable servers via an unprotected API endpoint. Organizations are urged to upgrade to version 1.3.0 or later to mitigate risks, as CISA warns of the high likelihood of exploitation and the potential existence of over 500 exposed instances. Those unable to upgrade should restrict access to Langflow services immediately.
Researchers from Binarly have discovered a method to bypass a patch for a Supermicro vulnerability that allows malicious firmware updates via the Baseboard Management Controller (BMC). This vulnerability poses a significant risk to enterprise organizations, offering attackers persistent control over the BMC and the main operating system.
A vulnerability in GitHub Copilot Chat, discovered by Legit Security, allowed the leakage of sensitive data such as AWS keys and zero-day bugs from private repositories. By exploiting hidden comments and remote prompt injection, attackers could control Copilot's responses and exfiltrate sensitive information from users. GitHub has since addressed the issue by blocking the method used for data leakage.
Mirai botnets are taking advantage of a critical remote code execution vulnerability, CVE-2025-24016, in Wazuh servers, as reported by Akamai. Wazuh has released a patch and indicated that none of its paying customers were affected by the recent attacks.
SonicWall has issued a warning regarding a critical vulnerability (CVE-2025-40599) in its SMA 100 series VPN appliances, allowing authenticated users to upload arbitrary files, potentially leading to remote code execution. Despite no evidence of active exploitation, the company advises users to patch their devices and monitor for signs of compromise due to ongoing attacks targeting the appliances. Recommendations include enhancing security measures such as enforcing multi-factor authentication and limiting remote management access.
Over 9,000 ASUS routers have been compromised by a botnet called "AyySSHush," which exploits an old command injection vulnerability to establish a persistent SSH backdoor. The attackers employ stealth tactics, including bypassing authentication and disabling logging, while the exact purpose of the campaign remains unclear. ASUS has released security updates, urging users to upgrade their firmware and check for unauthorized access.
A critical security vulnerability (CVE-2025-22457) in Ivanti Connect Secure VPN appliances is being actively exploited by a suspected China-nexus threat actor, UNC5221, leading to remote code execution and the deployment of various malware families. Organizations are urged to upgrade their systems immediately to mitigate potential risks associated with this vulnerability.
Cisco has addressed a critical security vulnerability (CVE-2025-20309) in its Unified Communications Manager software, which allowed unauthenticated remote access due to static root account credentials that cannot be changed or deleted. The flaw was discovered during internal testing, and affected users are advised to update their systems or apply a provided patch, as exploitation indicators have been identified in system logs.
Beijing may have compromised U.S. government systems prior to the identification and patching of a critical vulnerability in Cityworks software. The breach highlights ongoing security concerns regarding foreign threats to U.S. cybersecurity. Further investigation is needed to understand the extent and implications of the breach.
Microsoft has acknowledged the contributions of a hacker known as Encrypthub for their role in helping fix a vulnerability in its systems. This recognition highlights the growing trend of tech companies collaborating with ethical hackers to enhance cybersecurity measures.
A critical vulnerability has been identified in the MCP server that could allow attackers to execute arbitrary code. The flaw poses serious security risks, and users are urged to apply patches and updates to protect their systems from potential exploitation. Cybersecurity experts are advising immediate action to mitigate the risks associated with this vulnerability.
Misconfigured permissions in Google's Gerrit platform may have allowed attackers to inject malicious code into ChromiumOS and other projects. A specific permission issue and a race condition in the merge process potentially left at least 18 projects open to supply chain attacks, enabling malicious code to be merged without user interaction.
Millions of Brother printers are affected by a critical vulnerability that allows attackers to generate default admin passwords. The flaw cannot be fully patched through firmware updates, prompting a need for manufacturers to change production processes. Other printer manufacturers are also impacted, highlighting widespread security risks.
A vulnerability has been identified in the End-of-Train and Head-of-Train remote linking protocol, affecting multiple devices from manufacturers like Wabtec and Siemens. The weakness allows potential exploitation through weak authentication, posing risks to transportation systems. CISA recommends mitigations and encourages users to contact device manufacturers for further guidance.
A critical vulnerability in the OttoKit WordPress plugin is being exploited by attackers to gain administrative access to affected sites. Site administrators are urged to update to version 1.0.83, which patches both this and a previously reported vulnerability. Security firm Defiant has provided indicators of compromise to help identify signs of exploitation.
Over 1,200 Citrix NetScaler ADC and Gateway appliances remain unpatched against the critical CVE-2025-5777 vulnerability, which allows attackers to hijack user sessions and bypass authentication. Despite Citrix's assertion that there is no evidence of exploitation, cybersecurity firms report medium confidence that the flaw is being actively targeted. Administrators are urged to apply patches and monitor for suspicious activity on their systems.
Microsoft issued an emergency security update for a critical vulnerability in SharePoint Server, known as CVE-2025-53770, which is actively being exploited by hackers to breach various organizations, including U.S. federal agencies. The flaw allows attackers to access and control compromised servers using a backdoor tool named "ToolShell," prompting urgent recommendations for organizations to take immediate protective measures beyond just patching.
Technical details of a high-severity flaw in Cisco IOS XE WLC, identified as CVE-2025-20188, have been released, allowing potential exploitation by attackers. The vulnerability stems from a hard-coded JWT that enables unauthenticated file uploads and command execution on affected devices. Users are urged to upgrade to patched versions or disable the vulnerable feature immediately to mitigate risks.