IEEE

VulKiller: Java Web Vulnerability Detection with Code Property Graph and Large Language Models

Abstract: In recent years, web application development has become more efficient, yet vulnerabilities still pose significant risks. Traditional static and dynamic detection techniques are prone to ...
Android

[UPDATE: Fix Coming] OnePlus OxygenOS Hit by Major Vulnerability Allowing SMS Data Theft

UPDATE (September 26, 2025): OnePlus has issued a statement to 9to5Google. The company confirms it is aware of the issue and will roll out a fix mid-October. “We acknowledge the recent disclosure of ...
bitnewsbot

Pandoc CVE-2025-51591 Exploited to Target AWS IMDS Credentials

Cloud security firm Wiz reported in-the-wild exploitation attempts against a vulnerability in the Linux utility Pandoc, aiming to breach the Amazon Web Services (AWS) Instance Metadata Service (IMDS).
SecurityWeek

SolarWinds Makes Third Attempt at Patching Exploited Vulnerability

CVE-2025-26399 is a patch bypass of CVE-2024-28988, which is a patch bypass of the exploited CVE-2024-28986. SolarWinds on Tuesday announced a hotfix for a remote code execution (RCE) vulnerability in ...
GitHub

Fix test failures due to VectorUtils isFinite check

java.lang.AssertionError: not finite: NaN from <[NaN, NaN, NaN, NaN],[NaN, NaN, NaN, NaN]> > at org.apache.lucene.util.VectorUtil.dotProduct(VectorUtil.java:68) > at ...
SecurityWeek

Fortra Patches Critical GoAnywhere MFT Vulnerability

Tracked as CVE-2025-10035 (CVSS score of 10), the critical deserialization vulnerability could be exploited for command injection. Fortra has released patches for a critical-severity vulnerability in ...
Bleeping Computer

Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet

Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT's License Servlet that can be exploited in command injection attacks. GoAnywhere MFT is a web-based ...
Bleeping Computer

WatchGuard warns of critical vulnerability in Firebox firewalls

WatchGuard has released security updates to address a remote code execution vulnerability impacting the company's Firebox firewalls. Tracked as CVE-2025-9242, this critical security flaw is caused by ...
GitHub

A Java deserialisation vulnerability has been discovered...

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack Vector: This metric reflects the context by which vulnerability ...
The Hacker News

Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack

Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds ...
The Hacker News

Securing the Agentic Era: Introducing Astrix's AI Agent Control Plane

AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to access and how to use ...