IEEE

VulKiller: Java Web Vulnerability Detection with Code Property Graph and Large Language Models

Abstract: In recent years, web application development has become more efficient, yet vulnerabilities still pose significant risks. Traditional static and dynamic detection techniques are prone to ...
Android

[UPDATE: Fix Coming] OnePlus OxygenOS Hit by Major Vulnerability Allowing SMS Data Theft

UPDATE (September 26, 2025): OnePlus has issued a statement to 9to5Google. The company confirms it is aware of the issue and will roll out a fix mid-October. “We acknowledge the recent disclosure of ...
bitnewsbot

Pandoc CVE-2025-51591 Exploited to Target AWS IMDS Credentials

Cloud security firm Wiz reported in-the-wild exploitation attempts against a vulnerability in the Linux utility Pandoc, aiming to breach the Amazon Web Services (AWS) Instance Metadata Service (IMDS).
SecurityWeek

SolarWinds Makes Third Attempt at Patching Exploited Vulnerability

CVE-2025-26399 is a patch bypass of CVE-2024-28988, which is a patch bypass of the exploited CVE-2024-28986. SolarWinds on Tuesday announced a hotfix for a remote code execution (RCE) vulnerability in ...
SecurityWeek

Fortra Patches Critical GoAnywhere MFT Vulnerability

Tracked as CVE-2025-10035 (CVSS score of 10), the critical deserialization vulnerability could be exploited for command injection. Fortra has released patches for a critical-severity vulnerability in ...
Bleeping Computer

Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet

Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT's License Servlet that can be exploited in command injection attacks. GoAnywhere MFT is a web-based ...
Bleeping Computer

WatchGuard warns of critical vulnerability in Firebox firewalls

WatchGuard has released security updates to address a remote code execution vulnerability impacting the company's Firebox firewalls. Tracked as CVE-2025-9242, this critical security flaw is caused by ...
GitHub

A Java deserialisation vulnerability has been discovered...

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack Vector: This metric reflects the context by which vulnerability ...
The Hacker News

Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack

Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds ...
The Hacker News

Securing the Agentic Era: Introducing Astrix's AI Agent Control Plane

AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to access and how to use ...
GitHub

Apache Fory Deserialization of Untrusted Data vulnerability

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...