AISLE has emerged from stealth with a new AI-based cyber reasoning system (CRS). The term CRS originates from DARPA’s Cyber Grand Challenge, held in 2016 and designed for research into systems able to detect, exploit, and patch software vulnerabilities in real time. Since that Challenge, AI-driven software has become mainstream, and AISLE’s new CRS is ..
Tag: Vulnerabilities
Trend Micro’s Zero Day Initiative (ZDI) this week published 13 advisories describing unpatched vulnerabilities in Ivanti Endpoint Manager. One of the flaws allows local attackers to elevate their privileges and was reported to Ivanti in November 2024. The remaining 12 lead to remote code execution (RCE) and were reported in June 2025. While the vulnerabilities ..
Apple on Friday announced significant updates to its bug bounty program and the company is now offering up to $2 million for complex exploit chains. Since the launch of its public bug bounty program in 2020, Apple has awarded a total of more than $35 million to over 800 security researchers. Multiple hackers earned $500,000 ..
A high-severity vulnerability in the popular gaming and application editor Unity can allow attackers to load arbitrary libraries and achieve code execution. Tracked as CVE-2025-59489 (CVSS score of 8.4), the security defect resides in command-line arguments through which Unity could load and execute arbitrary code. According to security engineer RyotaK from GMO Flatt Security, the ..
The recent data theft and extortion campaign targeting Oracle E-Business Suite customers has been confirmed to be the work of the notorious Cl0p ransomware group, and Oracle has admitted that the hackers have exploited a zero-day vulnerability. The attacks targeting Oracle E-Business Suite (EBS) customers came to light last week, when Google Threat Intelligence Group ..
DrayTek on Thursday announced patches for an unauthenticated remote code execution (RCE) vulnerability affecting DrayOS routers. Tracked as CVE-2025-10547, the issue can be exploited via crafted HTTP or HTTPS requests sent to a vulnerable device’s web user interface. Successful exploitation of the bug, DrayTek explains in its advisory, may result in memory corruption and a ..
The US cybersecurity agency CISA on Thursday warned that a Meteobridge vulnerability patched in May has been exploited in attacks and added the flaw to its Known Exploited Vulnerabilities (KEV) catalog. Meteobridge is a device that allows administrators to connect their weather stations to public weather networks. Station data collection and system management functionality is ..
Google and Mozilla this week released Chrome and Firefox browser updates that address multiple high-severity vulnerabilities. Google promoted Chrome 141 to the stable channel with 21 security fixes, including 12 for security defects reported by external researchers, who earned a total of $50,000 for their findings. Two of the externally reported bugs, tracked as CVE-2025-11205 ..
The OpenSSL Project has announced the availability of several new versions of the open source SSL/TLS toolkit, which include patches for three vulnerabilities. Versions 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.0.2zm and 1.1.1zd of the OpenSSL Library have been released. Most of them fix all three vulnerabilities, tracked as CVE-2025-9230, CVE-2025-9231 and CVE-2025-9232. Two of the ..
A newly patched high-severity VMware vulnerability has been exploited as a zero-day since October 2024 for code execution with elevated privileges, NVISO Labs reports. Tracked as CVE-2025-41244 (CVSS score of 7.8), the security defect impacts both VMware Aria Operations and VMware Tools. VMware’s parent company Broadcom rolled out patches this week, warning that the flaw ..

