ConnectWise has released ScreenConnect 25.2.4 to address a high-severity ViewState code injection vulnerability (CWE-287, CVSS 8.8) affecting versions 25.2.3 and earlier. All on-premises users are urged to patch immediately.
All Posts
- Vibe coding—using LLMs to generate code from prompts—boosts productivity but introduces widespread security flaws. Experts warn of SQL injection, leaked secrets, and prompt injection risks.
- CISA has issued advisories for critical vulnerabilities affecting Siemens TeleControl Server Basic and Schneider Electric Wiser Home Controller, exposing critical infrastructure to denial-of-service and credential disclosure risks.
- The hacker group R00TK1T ISC CYBER TEAM claims to have leaked 972,000 TikTok user credentials and is demanding 50 BTC for further silence.
- Multiple versions of Ripple's official xrpl.js npm package were compromised with malicious code designed to steal cryptocurrency private keys, affecting versions 4.2.1-4.2.4 and 2.14.2. Immediate key rotation is recommended.