CSO Online

Output from vibe coding tools prone to critical security flaws, study finds

The assessment, which it conducted in December 2025, compared five of the best-known vibe coding tools — Claude Code, OpenAI ...
Security Boulevard

Attackers Probing Popular LLMs Looking for Access to APIs: Report

Security researchers with GreyNoise say they've detected a campaign in which the threat actors are targeting more than 70 popular AI LLM models in a likely reconnaissance mission that will feed into ...
CSOonline

CISA orders immediate patching as GeoServer flaw faces active exploitation

CISA is sounding the alarm over a critical vulnerability in GeoServer that is being actively exploited in the wild, ordering federal agencies to patch immediately. The flaw, tracked as CVE-2025-58360, ...
Bleeping Computer

CISA orders feds to patch actively exploited Geoserver flaw

CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. In such attacks, an XML input containing a ...
New York Daily News

Woman, 36, repeatedly stabbed by Thanksgiving guest in post-holiday attack

An ungrateful Thanksgiving dinner guest repeatedly stabbed his host during a bloody post-holiday attack on the Lower East Side that left the wounded woman running down the hall and frantically banging ...
SecurityWeek

Data Exposure Vulnerability Found in Deep Learning Tool Keras

The vulnerability is tracked as CVE-2025-12058 and it can be exploited for arbitrary file loading and conducting SSRF attacks. A vulnerability in the open source library Keras could allow attackers to ...
GitHub

Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...
Bleeping Computer

CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw

CISA has confirmed that an Oracle E-Business Suite flaw tracked as CVE-2025-61884 is being exploited in attacks, adding it to its Known Exploited Vulnerabilities catalog. BleepingComputer previously ...
Forbes

Update Microsoft Windows Server, 10 And 11 Now — Attacks Underway

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. The latest warning from CISA, as part of Binding Operational ...
The Hacker News

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services ...
bitnewsbot

Pandoc CVE-2025-51591 Exploited to Target AWS IMDS Credentials

Cloud security firm Wiz reported in-the-wild exploitation attempts against a vulnerability in the Linux utility Pandoc, aiming to breach the Amazon Web Services (AWS) Instance Metadata Service (IMDS).
SecurityWeek

ChatGPT Targeted in Server-Side Data Theft Attack

OpenAI has fixed this zero-click attack method called ShadowLeak by researchers. Researchers at web security company Radware recently discovered what they described as a service-side data theft attack ...