Hackers Exploit Langflow Vulnerability for Remote Code Execution

Disclosed in March, the security defect enables unauthenticated attackers to write files to arbitrary locations on the system. The post Hackers Exploit Langflow Vulnerability for Remote Code Execution appeared first on SecurityWeek.

Siemens Says Desigo CC Files Flagged as Malware by Security Engines

A PowerShell script included in patch files appears to be triggering false positives by multiple security engines. The post Siemens Says Desigo CC Files Flagged as Malware by Security Engines appeared first on SecurityWeek.

FBI Seizes 13 Websites That Officials Say Were Used by China to Target and Recruit US Workers

The 13 websites purported to be affiliated with consulting companies that advertised job openings for current and former holders of security clearances The post FBI Seizes 13 Websites That Officials Say Were Used by China to Target and Recruit US Workers appeared first on SecurityWeek.

Splunk, Palo Alto Networks Patch Severe Vulnerabilities

The security defects could allow attackers to create or modify arbitrary files and access and modify protected resources. The post Splunk, Palo Alto Networks Patch Severe Vulnerabilities appeared first on SecurityWeek.

‘GreatXML’ Zero-Day Exploit Bypasses BitLocker

The PoC exploits Microsoft Defender’s offline scan to spawn a SYSTEM shell when rebooting in Recovery Mode. The post ‘GreatXML’ Zero-Day Exploit Bypasses BitLocker appeared first on SecurityWeek.