A 0-day buffer overflow vulnerability in Cisco ASA and FTD devices, exploitable via WebVPN, allows unauthenticated remote code execution. Cisco has released patches and issued guidance for mitigation.
ParkMobile breach victims will receive a $1 parking credit as part of a 2025 class-action settlement. The 2021 incident exposed 21 million user records.
Hackers exploited OAuth tokens in third-party Salesforce integrations, stealing CRM data and extorting affected customers. Salesforce urges clients to rotate credentials.
Huawei confirmed a data breach stemming from a compromised vendor system, exposing partner and employee records. Security experts warn of new supply-chain risks.
A public PoC exploit for CVE-2025-32463 in Sudo has been released, enabling local privilege escalation to root. Linux users are urged to update to Sudo 1.9.16p1.
A recently disclosed Chrome RCE exploit uses Wasm and JavaScript to manipulate memory and execute shellcode in the browser. Update to version M137.0.7151.57 immediately to prevent remote compromise.
Signal has called on Germany to reject the EU’s chat control proposal, warning that client-side scanning would break encryption, facilitate surveillance, and undermine trust in private communication.
A zero-day vulnerability in Oracle E-Business Suite, CVE-2025-61882, has been actively exploited by Cl0p in data theft campaigns. Oracle’s emergency patch addresses unauthenticated remote code execution in the BI Publisher integration component.
OpenAI plans to give content owners greater control over how their characters appear in Sora, moving toward an opt-in model and instituting revenue-sharing for participating rights holders.
Researchers discovered a zero-day in Zimbra webmail where malicious JavaScript injected into .ICS calendar files executes within session context — allowing attackers to steal emails, credentials, and forward mail.