News

SecurityWeek

In Other News: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Research

Huntress research raises concerns, Google paid out $1.6 million for cloud vulnerabilities, California web browser bill.
Infosecurity-magazine.com

ConnectWise Fixes XSS Vulnerability that Could Lead to Remote Code Execution

Remote monitoring and management (RMM) platform ConnectWise has patched a cross-site scripting (XSS) vulnerability that could lead to remote code execution (RCE). Security researchers at Guardio Labs ...
Cybernews

Flaw at major enterprise chatbot maker leads to cookie theft

Yellow.ai's customer service chatbot had a major security flaw that enabled cookie theft and account hijacking. The issue has ...
Searchenginejournal.com

WordPress Discovers XSS Vulnerability – Recommends Updating To 6.5.2

WordPress announced the 6.5.2 Maintenance and Security Release update that patches a store cross site scripting vulnerability and fixes over a dozen bugs in the core and the block editor. The same ...
The Register on MSN

Anthropic's Claude Code runs code to test it if is safe – which might be a big mistake

AI security reviews add new risks, say researchers App security outfit Checkmarx says automated reviews in Anthropic's Claude ...
Bleeping Computer

Government webmail hacked via XSS bugs in global spy campaign

Hackers are running a worldwide cyberespionage campaign dubbed 'RoundPress,' leveraging zero-day and n-day flaws in webmail servers to steal email from high-value government organizations. ESET ...
SecurityWeek

SAP Patches Critical NetWeaver Vulnerabilities

SAP announced 21 new and four updated security notes, including four notes that address critical-severity vulnerabilities in ...