AI Vulnerability
-
CISA Warns of Critical Vulnerability in TP-Link Routers Amid Active Exploitation
CISA has identified a critical vulnerability in TP-Link routers, urging users to take immediate action as evidence of active exploitation emerges. The agency’s guidelines are designed to mitigate the risks associated with this command injection vulnerability, affecting multiple router models.
-
New AI Vulnerability Discovered in Microsoft 365 Copilot: ‘EchoLeak’
A new zero-click vulnerability known as ‘EchoLeak’ has been discovered in Microsoft 365 Copilot, enabling attackers to exfiltrate sensitive data without user interaction. While Microsoft has patched the flaw, experts advise businesses to enhance their cybersecurity measures to prevent future exploits.
-
Cisco Warns of Critical Vulnerability in Cloud Deployments Exposing Sensitive Data
Cisco has issued a critical vulnerability warning for its Identity Services Engine (ISE) on major cloud platforms, potentially exposing sensitive data due to shared static credentials. Affected platforms include AWS, Azure, and OCI.
-
Cisco Issues Urgent Patches for Critical Vulnerabilities in Cloud Services
Cisco has issued patches for critical vulnerabilities in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP), warning of potential exploits that could allow unauthorized access and disruption of services in cloud deployments.
-
Nation-State Actor Breaches ConnectWise Customers’ ScreenConnect Instances
ConnectWise has disclosed that a nation-state actor compromised the ScreenConnect cloud instances of some customers, exploiting a vulnerability before a critical patch was implemented. The company is investigating the breach with the help of forensic experts.
-
Critical WordPress Plugin Vulnerability Exposes Over 100,000 Sites to Attack
A critical vulnerability in the TI WooCommerce Wishlist plugin for WordPress exposes over 100,000 websites to potential file upload attacks, prompting security experts to recommend immediate action.
-
Critical XSS Vulnerability in Zimbra Collaboration Suite Exploited by Hackers
A critical XSS vulnerability (CVE-2024-27443) has been discovered in Zimbra’s CalendarInvite feature, exploited by the Sednit hacking group. Users are urged to patch their systems urgently.
-
Critical Flaw Discovered in Windows Server 2025 Poses Risk to Active Directory Users
A critical security vulnerability in Windows Server 2025, discovered by Akamai researchers, poses serious risks to Active Directory users, enabling potential attackers to gain unauthorized access to any AD user account. With Microsoft yet to release a patch, organizations are urged to implement immediate protective measures.
-
Security Flaw in GitLab’s AI Assistant Exposes Source Code to Attackers
A significant vulnerability in GitLab’s AI coding assistant, Duo, has been discovered, allowing potential theft of source code and injection of malicious instructions, prompting urgent security measures from GitLab.
