Hackaday

This Week In Security: PostHog, Project Zero Refresh, And Thanks For All The Fish

There’s something immensely satisfying about taking a series of low impact CVEs, and stringing them together into a full exploit. That’s the story we have from [Mehmet Ince] of ...
The Hacker News

CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

CISA reports active exploitation of GeoServer XXE flaw CVE-2025-58360 and directs immediate updates to secure affected systems.
TechRadar

Critical server-side vulnerability in Microsoft Copilot Studio gives illegal access to internal infrastructure

A critical vulnerability has been discovered in Microsoft’s Copilot Studio, posing significant risks to sensitive internal data. This flaw, identified as a server-side request forgery (SSRF), allows ...