ChatGPT hit by a zero-click, server-side vulnerability that criminals can use to siphon sensitive data - here's how to stay safe

ShadowLeak allows attackers to exfiltrate sensitive data without user interaction, highlighting AI security risks.
The Hacker News

Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks

CrowdStrike links Oracle EBS CVE-2025-61882 (CVSS 9.8) to Cl0p with moderate confidence; CISA adds to KEV, patch by Oct 27, ...
SecurityWeek

Organizations Warned of Exploited Sudo Vulnerability

CISA warned that a recently patched local privilege escalation vulnerability in Sudo has been exploited in the wild.

Oracle patches EBS zero-day exploited in Clop data theft attacks

Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to ...
Bleeping Computer

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices. The ...

US federal agency breached by hackers using GeoServer exploit, CISA says

In an in-depth report detailing the incident, the US Cybersecurity and Infrastructure Security Agency (CISA) outlined how the ...
Cyber Daily

US cyber agency adds 5 known exploited vulnerabilities to its KEV catalogue

Cisco IOS, Fortra GoAnywhere, and open-source database manager Adminer all make the cut in the latest CISA KEV update.
CRN

Hackers Target AWS IMDS And EC2 To Steal Credentials: Wiz Report

AWS security vulnerability exploited by threat actors with hackers stealing credentials via AWS IMDS through EC2 instances, ...