(Credit: FellowNeko – stock.adobe.com)

(Credit: FellowNeko – stock.adobe.com)

Xerox fixes critical RCE flaw in FreeFlow Core software

Laura FrenchAugust 13, 2025

A path traversal bug could enable an attacker to place a webshell on the victim’s server.

RESOURCES

PODCASTS

Leadership
Defending Trust & Reputation as CISOs and Leaders Prepare Their AI Strategy – Santosh Nair – BSW #408
Vulnerability Management
300 Baud, Buddy Hackett Nudes, Dell, badUSB, Exchange, Erlang/OTP, Josh Marpet… – SWN #502
Application security
The Future of Supply Chain Security – Janet Worthington – ASW #343
Governance, Risk and Compliance
Reimagining Security Operations: SOC as a Service and the Role of AI – Kevin Nikkhoo – CSP #215
Security Strategy, Plan, Budget
ESW at BlackHat and the weekly enterprise security news – ESW #419

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Security Operations

FortiSIEM exploited in the wild via OS command injection, Fortinet warns

Steve ZurierAugust 13, 2025

Security pros advise teams to patch right away or risk losing SOC visibility.

A firewall with visible cracks, under assault by malware, symbolized by warning signs and skulls, representing a critical security breach.

Critical Infrastructure Security

Erlang/OTS SSH exploit rated 10.0 targets critical infrastructure

Steve ZurierAugust 13, 2025

Exploitation in OT networks could alter sensor readings, trigger outages, introduce safety risks, and cause physical damage.

(Credit: Tada Images – stock.adobe.com)

GPT-5 jailbreaks reported despite OpenAI’s new safety-training method

Laura FrenchAugust 12, 2025

Multiple groups of researchers say they bypassed safety measures within a few messages.

SAP is a German based multinational software corporation

Security Operations

SAP patches three critical 9.9 S/4 HANA bugs

Steve ZurierAugust 12, 2025

SAP releases 19 patches on its August Security Patch Day, including three critical S/4 HANA bugs.

Application security

WordPress plugin UiCore Elements affected by arbitrary file read bug

Laura FrenchAugust 12, 2025

The flaw could allow an unauthenticated attacker to read any file, including wp-config.php.

Thousands of Exchange Servers unpatched in light of high-severity flaw

Steve ZurierAugust 12, 2025

Shadowserver follows up last week’s warnings from Microsoft and CISA to patch the high-severity Exchange flaw.

(Credit: Ralf – stock.adobe.com)

Vulnerability Management

WinRAR zero-day exploited by RomCom threat group

Laura FrenchAugust 12, 2025

The group sent emails from purported job seekers with a malicious archive attached.

"LLM" over a digital brain

Application security

LLM vector flaws threaten data security, privacy, and model integrity

OWASP GenAI Security Project Team August 11, 2025

LLM vector flaws in RAG systems risk data leaks, privacy breaches, poisoning, and degraded model integrity.

EVENTS