Apple has announced a major overhaul of its bug bounty program that doubles the top reward to $2 million for exploit chains that can match the sophistication of mercenary spyware attacks. With bonuses ...

In light of new memory safety features added to Apple’s latest iPhone chips that make entire classes of exploits harder to pull off, the company has revamped its bug bounty program to double or ...

A command injection vulnerability was found in the figma-developer-mcp Model Context Protocol (MCP) server. The flaw could allow attackers to run arbitrary system commands and achieve remote code ...

SolarWinds is urging users of its Web Help Desk helpdesk ticketing and asset management software to ensure their instances are up-to-date after patching a newly uncovered remote code execution (RCE) ...

The widely used image-parsing library suffers from a flaw that can allow remote code execution via crafted images in Android devices, putting connected corporate workflows at risk. Samsung has ...

Data backup and replication specialist Commvault has issued patches covering off four vulnerabilities in its core software product that, left unaddressed, could be combined to achieve two distinct ...

Cisco users are urgently advised to update their firewall command center in light of a remote code execution (RCE) vulnerability. According to a "critical"-level alert issued last week, Cisco’s Secure ...

A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft. The exploit in question ...

A new public exploit chains two critical flaws in SAP NetWeaver, exposing unpatched instances to code execution attacks. Dozens of SAP NetWeaver instances are susceptible to compromise after a threat ...

Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates. FortiSIEM ...

Meta is sponsoring ZDI’s Pwn2Own hacking competition, where participants can earn big prizes for smartphone, WhatsApp and wearable device exploits. Trend Micro’s Zero Day Initiative (ZDI) has ...

Microsoft Systems administrators everywhere, it looks like you get a Patch Monday as a side dish to the usual Patch Tuesday this week. There's a full remote code vulnerability (RCE) exploit for ...