Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild. Of the 63 flaws, four are rated Critical and 59 are rated Important in severity. Twenty-nine of these vulnerabilities are related to privilege escalation, followed by 16 remote code execution, 11 information disclosure, three

The Hacker News
Open in Source
#vulnerability#web#android#mac#windows#apple#google#microsoft#amazon#ubuntu#linux#debian#cisco#red_hat#dos#git#oracle#intel#rce#samba#vmware#aws#lenovo#amd#buffer_overflow#asus#samsung#auth#ibm#dell#zero_day#mongo#chrome#firefox#sap#The Hacker News
Cl0p Ransomware Lists NHS UK as Victim, Days After Washington Post Breach

Cl0p ransomware lists NHS UK as a victim days after The Washington Post confirms a major Oracle E-Business breach linked to CVE-2025-61882.

Microsoft Patch Tuesday for November 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for November 2025, which includes 63 vulnerabilities affecting a range of products, including 5 that Microsoft marked as “critical.”

Patch now: Samsung zero-day lets attackers take over your phone

A critical vulnerability that affects Samsung mobile devices was exploited in the wild to distribute LANDFALL spyware.

CISO's Expert Guide To AI Supply Chain Attacks

AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations. Download the full CISO’s expert guide to AI Supply chain attacks here.  TL;DR AI-enabled supply chain attacks are exploding in scale and sophistication - Malicious package uploads to open-source repositories jumped 156% in

Cisco Finds Open-Weight AI Models Easy to Exploit in Long Chats

Cisco’s new research shows that open-weight AI models, while driving innovation, face serious security risks as multi-turn attacks, including conversational persistence, can bypass safeguards and expose data.

CVE-2025-30398: Nuance PowerScribe 360 Information Disclosure Vulnerability

Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.

CVE-2025-62201: Microsoft Excel Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.