A critical vulnerability (CVE-2025-0411) in the file archiving tool 7-Zip is being actively exploited, mainly targeting Ukrainian organizations. It has been included in CISA’s database of known exploited vulnerabilities. This flaw lets attackers bypass Windows’ Mark-of-the-Web (MoTW) security, allowing them to run malicious code. CISA has added CVE-2025-0411, a critical …

A threat actor has reportedly acquired login details, including passwords and email addresses, for 20 million OpenAI accounts. GBHackers report states that an underground forum user claimed to sell a sample of data and the full batch for a low price. The authenticity of these claims is unverified, but the situation …

Cisco has updated its Identity Services Engine (ISE) to fix two critical security flaws that could let remote attackers execute arbitrary commands and gain elevated privileges on affected devices. The vulnerabilities are listed below: CVE-2025-20124 (CVSS score: 9.9): A vulnerability in a Cisco ISE API that allows an authenticated attacker …