Microsoft has released urgent updates to address the critical WSUS RCE vulnerability CVE-2025-59287, which is currently under active exploitation. The flaw allows unauthorized attackers to execute code over a network, necessitating immediate patching for affected Windows Server versions.

OpenAI's new AI web browser, ChatGPT Atlas, has been found to be vulnerable to clipboard injection attacks. This vulnerability could allow malicious actors to manipulate the user's clipboard, potentially leading to security breaches.

CISA has issued an urgent alert regarding a critical flaw in Motex Lanscope Endpoint Manager, tracked as CVE-2025-61932. This vulnerability, rated 9.8 on the CVSS scale, allows attackers to bypass authentication mechanisms, leading to potential unauthorized access and data compromise.

Microsoft has released an emergency security patch for a critical vulnerability in Windows Server Update Services (WSUS) that is being actively exploited. The vulnerability, tracked as CVE-2025-59287, allows remote code execution and carries a severity score of 9.8 out of 10.

Microsoft has released an out-of-band security update for a critical vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287. This flaw allows remote code execution by unauthenticated threat actors, and a new patch is necessary to fully mitigate the issue as the initial patch was incomplete.

Forescout Technologies has identified two critical vulnerabilities in TP-Link Omada and Festa VPN routers that could expose industrial systems to significant risks. The vulnerabilities, CVE-2025-7850 and CVE-2025-7851, allow for OS command injection and unauthorized root access, respectively.

Atlassian has disclosed a critical path traversal vulnerability in Jira Software Data Center and Server, allowing authenticated attackers to write files to any path accessible by the JVM. The flaw, tracked as CVE-2025-22167, affects versions from 9.12.0 through 11.0.1 and poses significant risks if unpatched.

The Warlock ransomware campaign, linked to Chinese threat actors, exploits the ToolShell zero-day vulnerability in Microsoft SharePoint (CVE-2025-53770). This shift towards direct financial cybercrime marks a significant change in tactics among these groups.

Security flaws in Microsoft's Azure ecosystem enable cybercriminals to create deceptive applications that imitate official services like the Azure Portal. Varonis discovered that attackers can bypass safeguards using invisible Unicode characters, leading to potential phishing attacks.

Over 250 attacks have been reported in just 24 hours targeting Adobe Commerce and Magento due to a critical flaw tracked as CVE-2025-54236. This vulnerability allows for customer account takeovers via the REST API, with only 38% of stores currently patched.

Cybersecurity experts have raised concerns about OpenAI's new browser, ChatGPT Atlas, which may be susceptible to attacks that could compromise user data. The browser's features, including 'browser memories' and 'agent mode,' could potentially be exploited through prompt injection attacks, leading to unauthorized access to sensitive information.

A critical path traversal vulnerability in Smithery.ai has exposed over 3,000 hosted AI servers and compromised thousands of API keys. The flaw, stemming from a configuration bug, allows attackers to access sensitive files and execute arbitrary code on the servers.

A serious vulnerability, dubbed TARmageddon (CVE-2025-62518), has been discovered in the async-tar Rust library and its forks, including tokio-tar. This critical flaw could allow attackers to execute arbitrary code through file overwriting attacks, posing significant risks to Rust-based applications.

The Bitter APT group is leveraging an old vulnerability in WinRAR to deploy new backdoor attacks. This highlights the ongoing threat posed by advanced persistent threats (APTs) that exploit outdated software vulnerabilities.

A vulnerability tracked as CVE-2025-6515 in the Oat++ MCP implementation allows threat actors with HTTP server access to hijack AI agent sessions. This flaw can lead to accelerated session creation and destruction, enabling attackers to exploit session IDs for malicious purposes.

CISA has flagged a critical vulnerability in the Windows SMB client that is actively being exploited, allowing attackers to gain elevated privileges on affected systems. Organizations are urged to patch immediately to prevent potential compromises.

CISA has identified a critical SSRF vulnerability in Oracle E-Business Suite, urging US government organizations to apply patches by November 10. Despite the urgency, Oracle has not confirmed active exploitation of the vulnerability, CVE-2025-61884.

A recent investigation revealed a critical loophole in Azure applications that allowed hackers to create malicious apps using reserved Microsoft names. This vulnerability enabled attackers to gain unauthorized access and escalate privileges within Microsoft 365 environments, posing significant risks to organizations.

Trend Micro researchers have uncovered a serious vulnerability involving hardcoded Azure Storage Account credentials in an Axis Communications plugin for Autodesk Revit. This exposure could allow attackers to compromise storage content, raising significant supply chain risks.

Oracle has announced a high-severity vulnerability in its E-Business Suite, tracked as CVE-2025-61884, which allows remote, unauthenticated access to sensitive resources. This flaw has not yet been exploited in the wild, but it poses significant risks to corporate users.