Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

7,000 Exposed Ollama APIs Leave DeepSeek AI Models Wide Open to Attack

UpGuard discovers exposed Ollama APIs revealing DeepSeek model adoption globally. See where these AI models are running and the security risks involved.

HackRead
Open in Source
#vulnerability#google#botnet#auth
CISA Warns of Active Exploitation in Trimble Cityworks Vulnerability Leading to IIS RCE

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution. "This could

ABB Cylon FLXeon 9.3.4 (wsConnect.js) WebSocket Command Spawning PoC

The ABB Cylon FLXeon BACnet controller is vulnerable to an unauthenticated WebSocket implementation that allows an attacker to execute the tcpdump command. This command captures network traffic and filters it on serial ports 4855 and 4851, which are relevant to the device's services. The vulnerability can be exploited in a loop to start multiple instances of tcpdump, leading to resource exhaustion, denial of service (DoS) conditions, and potential data exfiltration. The lack of authentication on the WebSocket interface allows unauthorized users to continuously spawn new tcpdump processes, amplifying the attack's impact.

ABB Cylon FLXeon 9.3.4 (runtimeSetup.sh) Hidden Backdoor Account

The application has a hidden administrative account 'cxpro' that has write access permissions to the device.

Exciting updates to the Copilot (AI) Bounty Program: Enhancing security and incentivizing innovation

At Microsoft, we are committed to fostering a secure and innovative environment for our customers and users. As part of this commitment, we are thrilled to announce significant updates to our Copilot (AI) Bounty Program. These changes are designed to enhance the program’s effectiveness, incentivize broader participation, and ensure that our Copilot consumer products remain robust, safe, and secure.

Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware

Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp's Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a

S. Korea’s Notorious Sex Crime Hub Ya-moon Hacked, User Data Leaked

Ya-moon, S. Korea’s notorious sex crime hub operating since 1990, hacked; user data leaked, exposing CSAM, exploitation, and illicit activities.

Researcher Outsmarts, Jailbreaks OpenAI's New o3-mini

OpenAI's latest tech can reason better than its previous models could, but not well enough to ferret out careful social engineering.

US Cybersecurity Efforts for Spacecraft Are Up in the Air

While President Trump supported federal space efforts during his first administration, the addition of SpaceX chief Elon Musk to his circle likely means challenges for regulating spacecraft cybersecurity, experts say.

Agencies Sound Alarm on Patient Monitors With Hardcoded Backdoor

CISA and the FDA are warning that Contec CMS8000 and Epsimed MN-120 patient monitors are open to meddling and data theft; Claroty Team82 flagged the vulnerability as an avoidable insecure design issue.