HashiCorp has disclosed a security flaw in its Vault Terraform Provider that allows attackers to bypass valid credentials and log in to Vault via LDAP authentication.
Tracked as CVE-2025-13357 and bulletin HCSEC-2025-33, the issue stems from incorrect default settings and affects users managing Vault...
NVIDIA has patched serious security flaws in its Isaac-GR00T platform, a key tool for building AI-powered humanoid robots.
Released on November 18, 2025, the update fixes two high-severity vulnerabilities that could let attackers inject malicious code.
These issues affect the platform's Python components and...
A serious flaw in the popular vLLM library could let attackers crash servers or even run malicious code remotely. Security researcher Russellb disclosed the issue last week via GitHub Advisory.
Rated "High" severity, it affects vLLM versions 0.10.2 and later, with no patch available...
Wireshark, the leading open-source network protocol analyzer, released version 4.6.1 on November 19, 2025, to fix two security flaws in its dissectors that could cause the application to crash when processing malformed packets.
These issues, tracked as WNPA-SEC-2025-05 and WNPA-SEC-2025-06, affect the BPv7 and...
CrowdStrike researchers discovered that DeepSeek-R1, a 671-billion-parameter large language model from a Chinese AI firm released in January 2025, produces up to 50% more insecure code when prompts mention topics sensitive to Chinese authorities, such as Tibet, Uyghurs, or Falun Gong.
Without such triggers,...
Cybersecurity firm GreyNoise reported a dramatic spike in attacks targeting Palo Alto Networks' GlobalProtect VPN portals.
Starting November 14, 2025, malicious sessions exploded, reaching 2.3 million attempts in just days a 40-fold increase in 24 hours and the highest in 90 days.
Attackers scanned...