CISA flags critical Microsoft SCCM flaw as exploited in attacks

CISA ordered federal agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited in attacks.

Attackers finally get around to exploiting critical Microsoft bug from 2024

As if admins haven't had enough to do this week Ignore patches at your own risk. According to Uncle Sam, a SQL injection flaw in Microsoft Configuration Manager patched in October 2024 is now being ...
TechJuice

Critical WordPress Plugin Flaw Exposes 900,000+ Sites to Remote Code Execution

A critical remote code execution flaw in the WPvivid Backup & Migration WordPress plugin puts over 900,000 sites at risk unless patched.
eWeek

OpenAI Debuts GPT-5.3-Codex-Spark, a Near-Instant AI for Real-Time Coding

Spark, a lightweight real-time coding model powered by Cerebras hardware and optimized for ultra-low latency performance.
The Hacker News

Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability

Active exploitation of BeyondTrust enables unauthenticated RCE as CISA adds Apple, Microsoft, SolarWinds, and Notepad++ flaws to KEV list.
Computing

Google: State-backed hackers using Gemini AI at every stage of attacks

State-sponsored hacking groups from China, Iran, North Korea and Russia are using Google's Gemini AI system to assist with nearly every stage of cyber operations, ...