ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0.
It relates to a case of unrestricted file upload that stems from improper validation of

The Hacker News

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The list of vulnerabilities is as follows –

CVE-2026-21643 (CVSS score: 9.1) – An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to

The Hacker News

I followed the ‘Plus 5’ rule for wireless charging, and it fixed my iPhone’s charge speeds

Wireless charging is a helpful feature, but you may not be getting the top speed with your accessories. Here’s what to check for.

Latest news

I carried this Bluetooth tracker card in my backpack for a week – and it withstood my clumsiness

The UAG Metropolis tracker is an AirTag wallet alternative that’s highly functional, and all my bending and flexing haven’t fazed it.

Latest news

I tested ChatGPT Plus vs. Gemini Pro to see which is better – and if it’s worth switching

Considering ditching ChatGPT Plus for Gemini Pro? I tested both on the same 10 tasks. Here’s which came out on top.

Latest news

The new rules for AI-assisted code in the Linux kernel: What every dev needs to know

Linus Torvalds and maintainers just finalized the Linux kernel’s new AI policy – but it might not address the biggest challenge with AI-generated code. Here’s why.

Latest news

Adobe Patches Actively Exploited Zero-Day That Lingered for Months

An attacker has been using maliciously crafted PDF files to exploit a zero-day in Adobe Acrobat and Reader for at least four months.

darkreading

GrafanaGhost: The AI That Leaked Everything Without Being Hacked

A newly disclosed vulnerability reveals how AI assistants can become invisible channels for data exfiltration — and why security enforcement must shift to the data layer.

Security Archives – TechRepublic

CSA: CISOs Should Prepare for Post-Mythos Exploit Storm

Security experts warn of an “AI vulnerability storm” triggered by the introduction of Anthropic’s Claude Mythos in a new paper from the Cloud Security Alliance (CSA).

darkreading

Empty Attestations: OT Lacks the Tools for Cryptographic Readiness

OT asset owners are being asked by regulators to attest to their post-quantum cryptographic readiness without the appropriate tooling, resulting in paperwork dressed up to look like genuine security.

darkreading