The Next Web

Keeper Security brings zero-trust database access to its PAM platform with KeeperDB

Database credentials remain one of the most common attack vectors in enterprise breaches, yet most organisations still manage them through shared spreadsheets, hardcoded connection strings, or ...
SecurityWeek

38 Vulnerabilities Found in OpenEMR Medical Software

Dozens of vulnerabilities were discovered recently in the open source electronic medical records platform OpenEMR.

“TotalRecall Reloaded” tool finds a side entrance to Windows 11’s Recall database

Once authenticated, Hagenah says the TotalRecall Reloaded tool can access both new information recorded to the Recall ...
Computer Weekly

Medical data of half a million Britons on sale in China after Biobank breach

Biobank operator is taking steps to improve security after biological, health and lifestyle information from its database was ...

Oracle Brings Mission-Critical Availability To The Agentic AI Era

Oracle AI Database 26ai introduces Platinum and Diamond availability tiers, post-quantum cryptography, and AI agent data ...
The Hacker News

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

Panel patches authentication flaw across supported versions, prompting Namecheap port blocks and temporary access limits.
The Hacker News

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Gemini CLI CVSS 10.0 flaw in versions below 0.39.1 enabled RCE in CI workflows, forcing Google to mandate explicit workspace ...

Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations

Raw threat intel isn't enough without real-world context. Criminal IP has partnered with Securonix to integrate ...

Firestarter malware survives Cisco firewall updates, security patches

Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco ...

Hackers use QEMU virtual machines to hide ransomware and bypass security

Hackers use QEMU virtual machines to hide ransomware and bypass security ...
SecurityWeek

UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware

UNC6692 relies on email bombing and social engineering to infect victims with Snow malware: Snowbelt, Snowglaze, and ...
The Next Web

Lovable left thousands of projects exposed for 48 days, and the vibe coding security crisis is only getting worse

Lovable's API exposed source code and database credentials for 48 days after the company closed a bug report. Up to 62% of AI ...