CSOonline

Researchers uncover RCE attack chains in popular enterprise credential vaults

Researchers have found 14 logic flaws in various components of HashiCorp Vault and CyberArk Conjur, two open-source credential management systems, allowing attacks that could bypass authentication ...
HotHardware

Microsoft Windows Server Update Service Is Under Attack, What You Need To Know

Windows Server 2025 is currently open to a Remote Code Execution exploit via the Windows Update Service, and at the time of this writing a fix from Microsoft has yet to fully patch the issue. Reports ...
Dark Reading

Exploitation Risk Grows for Critical Cisco Bug

The risk of attackers exploiting a recently disclosed maximum severity vulnerability in Cisco's IOS XE Wireless Controller software has increased significantly following the public release of detailed ...
CSOonline

Putting AI-assisted ‘vibe hacking’ to the test

Valuable tools for experienced attackers and researchers, LLMs are not yet capable of creating exploits at a prompt, researchers found in a test of 50 AI models — some of which are getting better ...
ZATAZ

7-Zip vulnerabilities: directory escape and remote execution

Two flaws in 7-Zip allow working-directory escape through symlinks inside malicious ZIPs. Update immediately or disable automatic extraction to mitigate risk. Two vulnerabilities, CVE-2025-11001 and ...