SmarterMail auth bypass flaw now exploited to hijack admin accounts

Hackers began exploiting an authentication bypass vulnerability in SmarterTools' SmarterMail email server and collaboration ...
GovInfoSecurity

Attacks Target Freshly Patched, Critical Fortinet Flaws

Critical vulnerabilities in edge devices are continuing to be discovered by security researchers and rapidly targeted by attackers. Lately this includes a critical ...

AI framework flaws put enterprise clouds at risk of takeover

Two "easy-to-exploit" vulnerabilities in the popular open-source AI framework Chainlit put major enterprises' cloud ...
CSO Online

Modular DS bug hands hackers instant WordPress admin access

Security researchers confirmed in-the-wild exploitations of the mx-severity flaw, allowing unauthenticated actors gain full ...
CSO Online

Researchers warn of long‑running FortiSIEM root exploit vector as new CVE emerges

The latest phMonitor vulnerability continues a multiyear pattern of unauthenticated command‑injection flaws in Fortinet’s ...
Security Boulevard

AppOmni Surfaces BodySnatcher AI Agent Security Flaw Affecting ServiceNow Apps

AppOmni, a provider of a platform for securing software-as-a-service (SaaS) applications, this week disclosed it has discovered a flaw in the ServiceNow ...

ServiceNow patches critical security flaw which could allow user impersonation

ServiceNow, one of the most popular cloud platforms for automating IT and business workflows, has said it recently patched a ...
Cybernews

BodySnatcher flaw lets attackers take over ServiceNow's AI agents

A critical AI security vulnerability, dubbed “BodySnatcher,” highlights how the growing power of AI agents within workflow ...

Popular Python libraries used in Hugging Face models subject to poisoned metadata attack

Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow ...
TMCnet

Assail Launches from Stealth with Ares, Autonomous AI Agents for Continuous Penetration Testing Across APIs, Mobile, and Web Infrastructure

Knight unveiled Ares as a keynote speaker at ISC2 Security Congress 2025, and within days, more than 264 companies registered ...
The Hacker News

[Webinar] Securing Agentic AI: From MCPs and Tool Access to Shadow API Key Sprawl

AI agents now build and run software automatically. Insecure MCPs and CVE-2025-6514 show how trusted automation enables code ...
CNBCTV18

The rise of cyber fraud in India — and how to stay prepared

India’s digital economy faces rising cyber fraud risks, with experts from Seqrite, PhonePe and Barracuda Networks urging stronger cybersecurity measures.