Communications of the ACM

Fifty Years of Open Source Software Supply-Chain Security

An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...
Bleeping Computer

Google fixes actively exploited Android flaws in September update

Google has released the September 2025 security update for Android devices, addressing a total of 84 vulnerabilities, including two actively exploited flaws. The two flaws that were detected as ...
Bleeping Computer

Adobe patches critical SessionReaper flaw in Magento eCommerce platform

Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of " the most severe" flaws in ...
The Motley Fool Canada

TSX:CVE (Cenovus Energy Inc.)

Cenovus Energy is an integrated oil company, focused on creating value through the development of its oil sands assets. The company also engages in production of conventional crude oil, natural gas ...
IEEE

The Log4j Incident: A Comprehensive Measurement Study of a Critical Vulnerability

Abstract: On December 10, 2021, Log4Shell was disclosed to the public and was quickly recognized as a most severe vulnerability. It exploits a bug in the wide-spread Log4j library that allows for ...
The Hacker News

CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, noting ...
The Hacker News

Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts

Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts. The ...
Security Boulevard

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Microsoft addresses 80 CVEs, including eight flaws rated critical with one publicly disclosed. Microsoft addresses 80 CVEs in its September 2025 Patch Tuesday release, with eight rated critical, and ...
GitHub

BeyondCart Connector <= 2.1.0 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation

The BeyondCart Connector plugin for WordPress, in versions 1.4.2 through 2.1.0, is vulnerable to Privilege Escalation due to improper JWT secret management and faulty authorization mechanisms within ...
aha.org

H-ISAC TLP White Threat Bulletin: Critical SAP S/4HANA Vulnerability Actively Exploited (CVE-2025-42957) Sept. 9, 2025

Exploitation of the SAP S/4HANA flaw, tracked as CVE-2025-42957, has been disclosed. The vulnerability allows code injection and privilege escalation, potentially giving a low-privileged user full ...
GitHub

f4dee-backup/CVE-2025-31161

This exploit targets a critical vulnerability in CrushFTP, allowing remote unauthenticated attackers to bypass authentication and create arbitrary admin users. It works by crafting a valid-looking ...