SecurityWeek

Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise

A ModelScope MS-Agent vulnerability allows attackers to feed malicious commands to AI agents and modify system files or steal ...
Bleeping Computer

New macOS zero-day bug lets attackers run commands remotely

Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run commands on Macs running any macOS version up to the latest release, Big ...
The Hacker News

900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks

Over 900 FreePBX systems remain infected after CVE-2025-64328 exploitation, now listed in CISA KEV amid active attacks.
Bleeping Computer

Ivanti warns of Connect Secure zero-days exploited in attacks

Ivanti has disclosed two Connect Secure (ICS) and Policy Secure (IPS) zero-days exploited by suspected Chinese hackers in the wild that can let remote attackers execute arbitrary commands on targeted ...
SDxCentral

VMware cloud management platform in triple threat

Broadcom released various patches to tackle vulnerabilities concerning its Aria multicloud management platform.
CSOonline

Cisco’s ISE bugs could allow root-level command execution

Cisco is warning enterprise admins of two critical flaws within its identity and access management (IAM) solution, Identity Services Engine (ISE), that could allow attackers to obtain unauthorized ...