CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability

CISA says threat actors are exploiting a recently patched SharePoint remote code execution vulnerability (CVE-2026-45659).
The post CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability appeared first on SecurityWeek.
Continue reading CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability

Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings

Microsoft’s new Teams admin policy requires organizer approval for external AI bots, giving organizations greater visibility and control over automated participants in sensitive meetings.
The post Microsoft Adds New Teams Controls to Block Unauthorized… Continue reading Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings

Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack

Citrix urges customers to patch NetScaler after fixing six vulnerabilities, including the HTTP/2 Bomb flaw and a high-severity CitrixBleed-style information disclosure bug.
The post Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ … Continue reading Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack

Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari

The updates fix vulnerabilities in WebKit, the kernel, WebRTC, Web Extensions, and other components affecting iPhone, iPad, Mac, and Safari users.
The post Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari appeared first on Security… Continue reading Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari

Exploitation of Recent Oracle E-Business Suite Vulnerability Begins

The critical-severity defect allows unauthenticated attackers to take over the E-Business Suite’s Payments product.
The post Exploitation of Recent Oracle E-Business Suite Vulnerability Begins appeared first on SecurityWeek.
Continue reading Exploitation of Recent Oracle E-Business Suite Vulnerability Begins

Critical SimpleHelp Vulnerability Exploited for Malware Delivery

The threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling.
The post Critical SimpleHelp Vulnerability Exploited for Malware Delivery appeared first on SecurityWeek.
Continue reading Critical SimpleHelp Vulnerability Exploited for Malware Delivery