Dark Reading

Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical

Edge bugs are so fetch, and Cisco just patched 50 new ones, including some heavy hitters with 10 out of 10 scores on the CVSS scale.
SecurityWeek

Cisco Patches Critical Vulnerabilities in Enterprise Networking Products

Cisco has fixed 48 vulnerabilities in Firewall ASA, Secure FMC, and Secure FTD appliances, including two critical-severity bugs.
Dark Reading

VMware Aria Operations Bug Exploited, Cloud Resources at Risk

Exploitation of the command injection flaw in VMware Aria Operations could grant an attacker broad acess to victims' cloud ...
TechSpot

Unwanted AI upgrade to Windows Notepad created a serious security flaw

The big picture: Microsoft released its latest Patch Tuesday update this week with 59 hotfixes across Windows, Microsoft Office, Azure, and core system components. The update includes patches for six ...
Infosecurity-magazine.com

SQL Injection Flaw Affects 40,000 WordPress Sites

More than 40,000 WordPress sites using the Quiz and Survey Master plugin have been affected by a SQL injection vulnerability that allowed authenticated users to interfere with database queries. The ...
VentureBeat

Infostealers added Clawdbot to their target lists before most security teams knew it was running

Clawdbot's MCP implementation has no mandatory authentication, allows prompt injection, and grants shell access by design. Monday's VentureBeat article documented these architectural flaws. By ...
PC World

WinRAR under attack by state-level hackers, according to Google

PCWorld reports that Google’s Threat Intelligence Group discovered state-sponsored hackers from Russia and China actively exploiting a critical WinRAR vulnerability (CVE-2025-8088). This security flaw ...
Ars Technica

A single click mounted a covert, multistage attack against Copilot

Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed hackers to pluck a host of sensitive user data with a single click on a legitimate URL. The hackers in this case were white ...
CSOonline

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not properly validated. A now-fixed critical flaw in the jsPDF library could ...
Bleeping Computer

Are Copilot prompt injection flaws vulnerabilities or AI limits?

Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security engineer in its Copilot AI assistant constitute security vulnerabilities. The ...
The Hill

IRS Direct File is gone. This is how you can still file taxes for free

(NEXSTAR) – In 2025, nearly 300,000 Americans used a new electronic system to file their taxes directly with the IRS for free. In 2026, that’s no longer an option. IRS Direct File launched as a pilot ...
The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt ...