In July, Microsoft fixed a flaw in its file sharing service SharePoint that was already being exploited by attackers. Later that month, Microsoft warned that hackers were making use of the zero-day to distribute ransomware, adding even more risk to the serious vulnerability. The SharePoint flaw is just one example of attackers becoming faster at exploiting vulnerabilities before they can be properly addressed by vendors and patched by organizations.
On Monday, Google security engineering managers Jason Parsons and Zak Bennett said in a blog post that the new program, an extension of the tech giant's existing Abuse Vulnerability Reward Program (VRP), will incentivize researchers and bug bounty hunters to focus on "high-impact abuse issues and security vulnerabilities" in Google products and services.
Visualize any system's defenses against failure-a biological immune system, or a healthcare delivery system, or an aircraft control system-as a series of slices of delicious, creamy Emmentaler cheese. Each layer has a couple of holes (vulnerabilities) in it, of varying size, here and there, but as long as the holes are not aligned with each other, no threat to the system can pass all the way through all the layers,
Based on over 4,400 Java tasks, the report finds that depending on which of the four levels of reasoning capabilities that OpenAI now makes available, the overall quality of the code, especially in terms of the vulnerabilities generated, significantly improves. However, the overall volume of code being generated per task also substantially increases, which creates additional maintenance challenges for application developers that are not going to be familiar with how code might have been constructed in the first place.
CISA analysed six files including two Dynamic Link-Library (.DLL), one cryptographic key stealer, and three web shells. Cyber threat actors could leverage this malware to steal cryptographic keys and execute a Base64-encoded PowerShell command to fingerprint host system and exfiltrate data.
A leak happened here somewhere,” Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative (ZDI), told The Register. “And now you’ve got a zero-day exploit in the wild, and worse than that, you’ve got a zero-day exploit in the wild that bypasses the patch, which came out the next day.
Cisco updated its advisory regarding critical vulnerabilities in Identity Services Engine, acknowledging active exploitation. Some vulnerabilities were attempted to be exploited in the wild as of July 2025.
CVE-2025-32462 has received a lower CVSS score due to the conditions that are needed. Namely, successful execution would require someone to make a misconfiguration and deploy a Sudoers file with an incorrect host for this vulnerability to work.
Cybersecurity researchers revealed that a critical vulnerability, CVE-2025-5777, in Citrix network management devices has been exploited for over a month, contradicting Citrix's claims.
