SecurityWeek

Critical Vulnerabilities Patched in Fortinet, Ivanti Products

Two OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution.

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
Morning Overview on MSN

Hackers are exploiting a maximum-severity bug in a WordPress form plugin on thousands of sites, running their own code with no login required

Thousands of WordPress sites running the Kali Forms plugin are exposed to attackers who can execute arbitrary code on web ...
CSO Online

ServiceNow fixes API issue after reports of suspicious tenant activity

ServiceNow says security researchers were behind activity linked to a newly patched authentication flaw, but the company ...

ServiceNow discloses security incident exposing customer data

ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable ...
techtimes

ServiceNow Data Breach: Gated Advisory Left Customers Unaware of Exploited Zero-Auth API

Enterprise security teams are auditing logs and rotating credentials this week after ServiceNow confirmed that attackers successfully queried sensitive customer instance data through an ...