Week in review: 300k+ Plex Media Server instances still vulnerable to attack, exploited Git RCE flaw – Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158
Over 300,000 internet-facing Plex Media Server instances are still vulnerable to attack via CVE-2025-34158, a critical vulnerability for which Plex issued a fix earlier this month, Censys has…

LLMs easily exploited using run-on sentences, bad grammar, image scaling

A series of vulnerabilities recently revealed by several research labs indicate that, despite rigorous training, high benchmark scoring, and claims that artificial general intelligence (AGI) is right around the corner, large language models (LLMs) are still quite naïve and easily confused in situations where human common sense and healthy suspicion would typically prevail. For example,…

Storm-2603 spotted deploying ransomware on exploited SharePoint servers – Help Net Security

One of the groups that, in the past few weeks, has been exploiting vulnerabilities in on-prem SharePoint installations has been observed deploying Warlock ransomware, Microsoft shared on Wednesday.

First attack spotted on July 7th
On Saturday, Microsoft announced that attackers have been spotted exploiting a zero-day variant (CVE-2025-53770) of a SharePoint vulnerability (CVE-2025-49706) that the…

Week in review: Sudo local privilege escalation flaws fixed, Google patches actively exploited Chrome – Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463)
If you haven’t recently updated the Sudo utility on your Linux box(es), you should do so now, to patch two local privilege escalation vulnerabilities (CVE-2025-32462, CVE-2025-32463) that were disclosed on Monday.

Google…

Week in review: Microsoft fixes exploited zero-day, Mirai botnets target unpatched Wazuh servers – Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053)
For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including a zero-day exploited in the wild (CVE-2025-33053).

Unpatched Wazuh servers targeted by Mirai botnets (CVE-2025-24016)
Two Mirai botnets are exploiting a critical…

Week in review: Microsoft patches 5 actively exploited 0-days, recently fixed Chrome vulnerability exploited – Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Patch Tuesday: Microsoft fixes 5 actively exploited zero-days
On May 2025 Patch Tuesday, Microsoft has released security fixes for 70+ vulnerabilities, among them five actively exploited zero-days and two publicly disclosed (but not exploited) vulnerabilities.

How to give better cybersecurity presentations…

Week in review: Critical SAP NetWeaver flaw exploited, RSAC 2025 Conference – Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

RSAC 2025 Conference
RSAC 2025 Conference took place at the Moscone Center in San Francisco. Check out our microsite for related news, photos, product releases, and more.

Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324)
CVE-2025-31324, a critical vulnerability…
