Updates have been released by Ivanti to fix a trio of high-severity hardcoded key flaws impacting its Workspace Control platform, which could be leveraged to compromise vulnerable systems' database credentials and facilitate further lateral movement, Cyber Security News reports.
Major app-building platform Passion.io had data from over 3.6 million creators and users inadvertently leaked by an exposed database, reports Hackread.
TechCrunch reports that Qualcomm has fixed a trio of zero-day vulnerabilities leveraged in ongoing attacks, as part of updates that also remediated other security issues across dozens of its chipsets.
Hewlett Packard Enterprise has released the latest version of its disk-based de-duplicating backup system StoreOnce to remediate eight security flaws, led by the critical authentication bypass vulnerability, tracked as CVE-2025-37093, BleepingComputer reports.
Cybernews reports that almost 2.7 million U.S. patients' profiles and 8.8 million appointment records have been inadvertently exposed by an unsecured MongoDB database believed to have been owned by U.S. dental marketing firm Gargle.
Organizations have been warned by the Cybersecurity and Infrastructure Security Agency regarding ongoing intrusions exploiting the recently addressed ConnectWise ScreenConnect vulnerability, tracked as CVE-2025-3935, reports BleepingComputer.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
