Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control
An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment.
It's the first time in two years with no zero-days. But with 137 flaws to patch, including nine critical ones, admins still have plenty of work to do.
Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker to leak sensitive data.
The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have been exploited in the wild.
Attackers can execute arbitrary code without authentication if Oracle's Identity or Web Services Managers are exposed to the Web.
The now-patched flaw is the latest in a growing string of security issues associated with the viral AI tool, which has seen rapid adoption among developers.
Three of those zero-days are security feature bypass flaws, which give attackers a way to slip past built-in protections in multiple Microsoft products.
Two Apple zero-day vulnerabilities discovered this month have overlap with another mysterious zero-day flaw Google patched last week.
Proof-of-concept exploit code is publicly available for two other flaws in this month's Patch Tuesday. In total, the company issued patches for more than 1,150 flaws this year.
The Apache Software Foundation's earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE.
CVE-2025-54603 gave attackers an opening to disrupt critical operational technology (OT) environments and steal data from them.
Microsoft initially fixed CVE-2025-59287 in the WSUS update mechanism in the October 2025 Patch Tuesday release, but the company has now issued a second, out-of-band update for the flaw, which is under attack in the wild.
A 13-year-old flaw with a CVSS score of 10 in the popular data storage service allows for full host takeover, and more than 300k instances are currently exposed.
Exploitation of the flaw, tracked as CVE-2025-10035, is highly dependent on whether systems are exposed to the Internet, according to Fortra.
Nearly half the CVEs Microsoft disclosed in its September security update, including one publicly known bug, enable escalation of privileges.
Generating exploits with AI and large language models shrinks the time to target software flaws, giving security teams scant time to patch. Can enterprises adapt?
CVE-2025-43300 is the latest zero-day bug used in cyberattacks against "targeted individuals," which could signify spyware or nation-state hacking.
An attacker is breaking into Linux systems via a widely abused 2-year-old vulnerability in Apache ActiveMQ, installing malware and then patching the flaw.
Researchers observed exploitation attempts against a vulnerability with a CVSS score of 10 in a popular Erlang-based platform for critical infrastructure and OT development.
The now-patched vulnerabilities exist at the firmware level and enable deep persistence on compromised systems.