Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada

WinRAR has patched CVE-2025-8088, a zero-day exploited by Russia’s RomCom in attacks on financial, defense, manufacturing and logistics companies.
The post Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada appeared first on Securit… Continue reading Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada

French Telecom Firm Bouygues Says Data Breach Affects 6.4M Customers

Bouygues has been targeted in a cyberattack that resulted in the personal information of millions of customers getting compromised.
The post French Telecom Firm Bouygues Says Data Breach Affects 6.4M Customers appeared first on SecurityWeek.
Continue reading French Telecom Firm Bouygues Says Data Breach Affects 6.4M Customers

SonicWall Says Recent Attacks Don’t Involve Zero-Day Vulnerability

SonicWall has been investigating reports about a zero-day potentially being exploited in ransomware attacks, but found no evidence of a new vulnerability. 
The post SonicWall Says Recent Attacks Don’t Involve Zero-Day Vulnerability appeared first… Continue reading SonicWall Says Recent Attacks Don’t Involve Zero-Day Vulnerability

Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment

CISA and Microsoft have issued advisories for CVE-2025-53786, a high-severity flaw allowing privilege escalation in cloud environments. 
The post Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment appeared first on SecurityWe… Continue reading Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment

New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites

A desync attack method leveraging HTTP/1.1 vulnerabilities impacted many websites and earned researchers more than $200,000 in bug bounties.
The post New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites appeared first on S… Continue reading New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites

Major Enterprise AI Assistants Can Be Abused for Data Theft, Manipulation

Zenity has shown how AI assistants such as ChatGPT, Copilot, Cursor, Gemini, and Salesforce Einstein can be abused using specially crafted prompts.
The post Major Enterprise AI Assistants Can Be Abused for Data Theft, Manipulation appeared first on Sec… Continue reading Major Enterprise AI Assistants Can Be Abused for Data Theft, Manipulation