News
Vulnerabilities
June 8, 2025
Over 950K weekly downloads at risk in ongoing supply chain attack on Gluestack packages
A supply chain attack hit NPM: threat actors compromised 16 popular Gluestack packages, affecting 950K+ weekly downloads. Researchers from Aikido Security discovered a new supply chain attack targeting NPM that compromised 16 popular Gluestack 'react-native-aria' packages with over 950K weekly downloads. The attack began on June 6 at 4:33 PM EST with a malicious update to […]
June 8, 2025
Week in review: Google fixes exploited Chrome zero-day, Patch Tuesday forecast
Here's an overview of some of last week's most interesting news, articles, interviews and videos:
June 2025 Patch Tuesday forecast: Second time is the charm?
Microsoft has been busy releasing more out-of-band (OOB) patches than usual throughout May.
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419)
Google has fixed two Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) with an in-the-wild exploit.
Rethinking governance in a decentralized identity world
Decentralized identity (DID) is gaining traction, and …
The post Week in review: Google fixes exploited Chrome zero-day, Patch Tuesday forecast appeared first on Help Net Security.
June 7, 2025
MCP (Model Context Protocol) and Its Critical Vulnerabilities
Model Context Protocol connects AI assistants to external tools and data. Think of it as a bridge between Claude, ChatGPT, or Cursor and your Gmail, databases, or file systems. Released... The post MCP (Model Context Protocol) and Its Critical Vulnerabilities appeared first on Strobes Security. The post MCP (Model Context Protocol) and Its Critical Vulnerabilities appeared first on Security Boulevard.
June 6, 2025
Attackers exploit Fortinet flaws to deploy Qilin ransomware
Qilin ransomware now exploits Fortinet vulnerabilities to achieve remote code execution on impacted devices. Threat intelligence firm PRODAFT warned that the Qilin ransomware group (aka Phantom Mantis) targeted multiple organizations between May and June 2025 by exploiting multiple FortiGate vulnerabilities, including CVE-2024-21762 and CVE-2024-55591. “Phantom Mantis recently launched a coordinated intrusion campaign targeting multiple organizations between […]
June 6, 2025
June 2025 Patch Tuesday forecast: Second time is the charm?
Microsoft has been busy releasing more out-of-band (OOB) patches than usual throughout May. The May Patch Tuesday release of updates was typical in number of vulnerabilities addressed with 41 in both Windows 10 and 11, and their associated servers. They also did a great job finally fixing most of the reported issues that have been carried out for a while. But it appears something was not quite right, because there were some issues reported from … The post June 2025 Patch Tuesday forecast: Second time is the charm? appeared first on Help Net Security.