-
The Apache Software Foundation has disclosed two security vulnerabilities affecting multiple versions of Apache Tomcat, with one flaw posing a serious risk of remote code execution on vulnerable servers. The flaws impact Apache Tomcat versions 9, 10, a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity firm LayerX has identified a critical vulnerability in OpenAI’s ChatGPT Atlas browser that allows malicious actors to inject harmful instructions into ChatGPT’s memory and execute remote code. This security flaw poses signific…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Unauthenticated attackers are actively exploiting a critical vulnerability affecting Adobe Commerce and Magento platforms worldwide. The flaw, tracked as CVE-2025-54236 and dubbed SessionReaper, enables remote code execution and customer account t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Atlassian has disclosed a critical path traversal vulnerability affecting Jira Software Data Center and Server that could allow authenticated attackers to modify files accessible to the Jira Java Virtual Machine (JVM) process. The vulnerability, tracke…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Internet Systems Consortium (ISC) has disclosed three critical vulnerabilities in BIND 9, the most widely deployed DNS software globally. All three vulnerabilities were publicly disclosed on October 22, 2025, affecting DNS resolvers and potentially…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Edera security team has discovered a critical vulnerability in the async-tar Rust library and its descendants, including the widely-used tokio-tar. Dubbed TARmageddon and assigned CVE-2025-62518, this flaw carries a CVSS score of 8.1 (High) and ena…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
AI-powered agents are increasingly relied upon to execute tasks like code analysis, file management, and automating workflows. However, a newly highlighted vulnerability argument injection shows how attackers can use these very capabilities to achieve …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A vulnerability in Microsoft 365 Copilot allowed attackers to trick the AI assistant into fetching and exfiltrating sensitive tenant data by hiding instructions in a document. The AI then encoded the data into a malicious Mermaid diagram that, wh…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apache Syncope, has disclosed a critical security vulnerability that allows authenticated administrators to execute arbitrary code on affected systems. The flaw, tracked as CVE-2025-57738, impacts all Apache Syncope versions 3.x before 3.0.14 and 4.x b…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw has been found in the on-premise edition of LANSCOPE Endpoint Manager that could let attackers run malicious code on vulnerable machines. The issue, tracked as CVE-2025-61932, involves a remote code execution vulnerability in t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
