A critical vulnerability in SimpleHelp remote management software is currently under active attack and requires immediate patching on affected systems.
The Vertex AI SDK generated predictable names for temporary Cloud Storage buckets; attackers could reserve these names and redirect model uploads, enabling code execution via manipulated pickle files.
Cisco ISE contains multiple vulnerabilities that compromise critical system functions (code execution, privilege escalation, data access) and pose a high risk to network authentication.
A critical vulnerability in Microsoft 365 Copilot allows attackers to compromise systems through a simple link click, without employing classical phishing or password theft techniques.
A misconfigured API endpoint in ServiceNow allowed unauthenticated access to customer tables — remediation was delayed by more than six weeks after the bug bounty report.