Oracle issues out-of-band warning about critical PeopleSoft code injection flaw

Oracle is closing a critical code injection vulnerability in PeopleSoft with an update outside of its usual schedule.
The Hacker News

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk issued security updates for a critical CVSS 9.8 vulnerability in Splunk Enterprise that allows unauthenticated remote ...
CIO

Enterprises know AI-generated code is vulnerable; they’re shipping it anyway

As AI systems discover and exploit flaws at unprecedented speed, organizations are still deploying software they know ...

Google posts Chromium browsers' proof-of-concept exploit code without a fix

Chrome, Edge, Brave, Opera, and other Chromium-based browsers could reportedly be exposed to abuse after Google accidentally revealed exploit code for an unfixed vulnerability ...
Bleeping Computer

New Veeam vulnerabilities expose backup servers to RCE attacks

Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability. Tracked as CVE-2025-59470, this ...