Security Boulevard

Critical CERT-In Advisories – January 2026: SAP, Microsoft, and Atlassian Vulnerabilities

January 2026 was a wake-up month for enterprise security teams. In a single week, CERT-In released three high-severity ...
Dark Reading

Vulnerabilities Threaten to Break Chainlit AI Framework

Familiar bugs in a popular open source framework for AI chatbots could give attackers dangerous powers in the cloud.
CSOonline

CISA orders immediate patching as GeoServer flaw faces active exploitation

CISA is sounding the alarm over a critical vulnerability in GeoServer that is being actively exploited in the wild, ordering federal agencies to patch immediately. The flaw, tracked as CVE-2025-58360, ...
Shacknews

Psyonix says it's implemented changes to combat Rocket League server attacks

Rocket League developer has released a lengthy statement acknowledging an ongoing issue with server attacks within the game. In an attempt to combat them, the studio has deployed some key changes, but ...
WGN-TV

Man killed in overnight attack on West Side

CHICAGO — An investigation is underway on Tuesday morning after a man was killed in an attack on the city’s West Side overnight. According to Chicago police, the incident unfolded in the 500 block of ...
Forbes

AI Chat Privacy At Risk—Microsoft Uncovers Whisper Leak Side-Channel Attack

ChatGPT, Gemini, Microsoft Copilot, Claude, and Perplexity app icons. Microsoft has revealed a privacy flaw that could expose what you're talking about with AI chatbots like ChatGPT, even though your ...
SecurityWeek

Data Exposure Vulnerability Found in Deep Learning Tool Keras

The vulnerability is tracked as CVE-2025-12058 and it can be exploited for arbitrary file loading and conducting SSRF attacks. A vulnerability in the open source library Keras could allow attackers to ...
GitHub

Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...
HotHardware

Microsoft Windows Server Update Service Is Under Attack, What You Need To Know

Windows Server 2025 is currently open to a Remote Code Execution exploit via the Windows Update Service, and at the time of this writing a fix from Microsoft has yet to fully patch the issue. Reports ...
Bleeping Computer

CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw

CISA has confirmed that an Oracle E-Business Suite flaw tracked as CVE-2025-61884 is being exploited in attacks, adding it to its Known Exploited Vulnerabilities catalog. BleepingComputer previously ...
SecurityWeek

Docker Desktop Vulnerability Leads to Host Compromise

A critical vulnerability in Docker Desktop allows attackers to control containers, mount the host’s file system, and modify it to escalate their privileges to those of an administrator. Tracked as CVE ...