Microsoft patches Exchange Server zero-day exploited in attacks

Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary ...
The Hacker News

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk issued security updates for a critical CVSS 9.8 vulnerability in Splunk Enterprise that allows unauthenticated remote ...
The Hacker News

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Three patched LangGraph flaws could let attackers chain SQL injection and unsafe deserialization for RCE in self-hosted ...

Critical UniFi OS bug lets hackers gain root without authentication

Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root ...

PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data

One of the world’s most active ransomware groups exploited a critical vulnerability in Oracle’s PeopleSoft software suite and ...
The Daily Hodl

IBM Warns of New ‘Man-in-the-Browser’ Campaign That Locks Victims Inside Fake Bank Screens and Empties Accounts in Real Time

Tech giant IBM is warning of a new cyberattack campaign that traps banking customers inside fake browser screens while ...