Information

Three exploitation campaigns targeting Cisco and Palo Alto Networks firewalls and Fortinet VPNs originate from IPs on the same subnets, GreyNoise has discovered. The threat intelligence firm initially warned of scanning attempts targeting Cisco ASA devices in early September, roughly three weeks before Cisco disclosed two zero-day vulnerabilities impacting Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software. The bugs, tracked as CVE-2025-20333 (CVSS score of 9.9) and CVE-2025-20362 (CVSS score…

Read More

Juniper Networks has announced patches for nearly 220 vulnerabilities in Junos OS, Junos Space, and Security Director, including nine critical-severity flaws affecting Junos Space. More than 200 security defects were resolved in Junos Space and Junos Space Security Director, Juniper’s October 2025 security advisories, published as part of the company’s predefined quarterly schedule, reveal. Junos Space version 24.1R4 was rolled out with fixes for 24 cross-site scripting (XSS) issues, including a critical-severity bug (CVE-2025-59978, CVSS…

Read More

Legit Security has detailed a vulnerability in the GitHub Copilot Chat AI assistant that led to sensitive data leakage and full control over Copilot’s responses. Combining a Content Security Policy (CSP) bypass with remote prompt injection, Legit Security’s Omer Mayraz was able to leak AWS keys and zero-day bugs from private repositories, and influence the responses Copilot provided to other users. Copilot Chat is designed to provide code explanations and suggestions, and allows users to…

Read More

Industrial cybersecurity firm Radiflow has unveiled a new platform for mid-sized enterprises. The new platform, named Radiflow360, leverages AI to provide enhanced visibility, risk management, and incident response capabilities.  According to Radiflow, the platform enables comprehensive visibility and control over OT networks, with an AI assistant speeding up assessments and threat prioritization. Radiflow360, which integrates with other Radiflow and third-party tools, helps streamline compliance and accelerate incident response. The company advertises the platform as ideal…

Read More

A recently patched vulnerability in Fortra GoAnywhere MFT (Managed File Transfer) was exploited as a zero-day by a Chinese ransomware group, Microsoft reports. The flaw, tracked as CVE-2025-10035 (CVSS score of 10/10), was disclosed on September 18, when Fortra rolled out patches for it. A deserialization issue in the application’s license servlet, the bug can be exploited for command injection and remote code execution (RCE). Shortly after public disclosure, cybersecurity firm watchTowr warned that the…

Read More

Cloud security giant Wiz has announced a new hacking competition where participants can earn significant rewards for demonstrating exploits against widely used cloud software. The competition is named Zeroday.Cloud and it offers participants a total of $4.5 million in bug bounties. Interested security researchers must submit their entry by December 1 and they will demonstrate their exploits live on stage at the Black Hat Europe conference taking place December 10-11 in London.  Wiz has teamed…

Read More

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.  Here are this…

Read More

Cybersecurity startup Oneleet has announced raising $33 million in a Series A funding round that brings the total raised by the company to $35 million. The investment round was led by Dawn Capital, with additional support from Y Combinator and several angel investors. Founded in 2022 and based in Amsterdam, Netherlands, Oneleet has built a platform that provides organizations with visibility into their security posture to help them improve protections and ensure compliance. The solution…

Read More