Orthanc DICOM Vulnerabilities Lead to Crashes, RCE
Nine vulnerabilities in the open source Digital Imaging and Communications in Medicine (DICOM) server Orthanc allow attackers to crash servers, leak data, and execute arbitrary…
Category: SecurityWeek
In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack
SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader…
Juniper Networks Patches Dozens of Junos OS Vulnerabilities
Juniper Networks this week released patches for nearly three dozen vulnerabilities, including Junos OS and Junos OS Evolved bugs that could lead to privilege escalation,…
Critical Marimo Flaw Exploited Hours After Public Disclosure
A threat actor built an exploit for a critical-severity vulnerability in Marimo and started using it in attacks roughly nine hours after the bug’s public…
The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security
Unfortunately, we have a problematic and unstable neighbor. Without getting into details, he often yells obscenities, threatens physical harm, threatens property damage, and other such…
Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities
Palo Alto Networks and SonicWall have separately announced patches for multiple vulnerabilities across their products, including two high-severity bugs. Palo Alto Networks patched three flaws…
Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access
Threat actors can extract Google API keys embedded in Android applications to gain access to Gemini AI endpoints and compromise data, CloudSEK warns. For over…
Apple Intelligence AI Guardrails Bypassed in New Attack
Researchers from RSAC have found a way to bypass the safety protocols of Apple’s Intelligence AI with a high success rate. Apple Intelligence is a…
Adobe Reader Zero-Day Exploited for Months: Researcher
A researcher has come across what appears to be an actively exploited Adobe Reader zero-day vulnerability. Haifei Li is asking the cybersecurity community for assistance…
Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long
Hackers backing Tehran say an uncertain ceasefire between Iran and the United States and Israel won’t end their retaliatory cyberattacks, a warning that American cybersecurity…
RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years
A remote code execution (RCE) vulnerability that lurked in Apache ActiveMQ Classic for 13 years could be chained with an older flaw to bypass authentication,…
Data Leakage Vulnerability Patched in OpenSSL
Seven vulnerabilities have been patched with the latest OpenSSL updates, including a flaw that can allow an attacker to obtain sensitive data. The data leakage…