Bleeping Computer

Exploit released for Palo Alto PAN-OS bug used in attacks, patch now

Update 4/16/24: Updated story with more information on how previous mitigations do not protect devices. Exploit code is now available for a maximum severity and actively exploited vulnerability in ...

Nvidia DGX Spark, NeMo:Critical security flaws threaten AI hardware and software

Attackers can exploit a critical security vulnerability in Nvidia's AI computer DGX Spark, among other things.
Bleeping Computer

Exploit for critical Veeam auth bypass available, patch now

A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest ...

Millions Of Dell PCs At Risk From High-Impact DDPM Exploit, Patch ASAP

Update: Dell has contacted us to clarify that the exploit in question can only occur during the installation of DDPM versions ...
HHS

Hackers Exploit Unpatched ChatGPT Bug

Hackers are exploiting a vulnerability in ChatGPT's infrastructure to redirect users to malicious websites, with security researchers recording more than 10,000 exploit attempts in a week from a ...
Hosted on MSN

Conversations between LLMs could automate the creation of exploits, study shows

As computers and software become increasingly sophisticated, hackers need to rapidly adapt to the latest developments and devise new strategies to plan and execute cyberattacks. One common strategy to ...
Infosecurity-magazine.com

Fake PoC Exploit Targets Security Researchers with Infostealer

Threat actors have created a fake proof-of-concept (PoC) exploit for a critical Microsoft vulnerability, designed to lure security researchers into downloading and executing information-stealing ...
Infosecurity-magazine.com

Russian Hackers Use Commercial Spyware Exploits to Target Victims

In a world-first, a Russian state-sponsored hacking group has used software vulnerability exploits “identical or strikingly similar” to ones previously used by NSO Group and Intellexa, two infamous ...
VentureBeat

MCP stacks have a 92% exploit probability: How 10 plugins became enterprise security's biggest blind spot

The same connectivity that made Anthropic's Model Context Protocol (MCP) the fastest-adopted AI integration standard in 2025 has created enterprise cybersecurity's most dangerous blind spot. The ...
Engadget

Apple Silicon has a hardware-level exploit that could leak private data

A team of university security researchers has found a chip-level exploit in Apple Silicon Macs. The group says the flaw can bypass the computer’s encryption and access its security keys, exposing the ...

More work for admins as Google patches latest zero-day Chrome vulnerability

Chrome has suffered two other confirmed zero days in the V8 engine in 2025, from a tally of seven across Chrome as a whole. The V8 flaws were CVE-2025-5419 in June and CVE-2025-10585 in September.