A critical vulnerability in Tesla’s TCU allowed attackers with physical access to gain root-level code execution. The flaw has been patched via an over-the-air (OTA) update.

A critical vulnerability in Cisco IOS and IOS XE Software allows attackers to bypass authentication via the TACACS+ protocol if a shared secret is not configured. This flaw can lead to unauthorized access and data interception.

Researchers uncovered a major cyber-espionage campaign led by China-linked threat actor UNC5221, targeting US technology companies, SaaS providers, and law firms. The attackers use a stealthy malware family named BRICKSTORM to infiltrate systems.

MalTerminal is a newly discovered AI-powered malware that leverages GPT-4 to generate ransomware or reverse shell code in real time. The malware represents the first known instance of large language model (LLM)-enabled malware found in the wild.

SonicWall has issued an urgent advisory following the inadvertent public exposure of configuration backup files from MySonicWall. These files contained encrypted passwords, pre-shared keys, and TLS certificates used by SonicOS appliances.

A critical vulnerability in Microsoft Entra ID exposed all Microsoft cloud tenants to potential full compromise. It allowed attackers to impersonate any user without detection.