Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182)
A critical vulnerability (CVE-2025-55182) in React Server Components (RSC) may allow unauthenticated attackers to achieve remote code exection on the application server, the …
New observational auditing framework takes aim at machine learning privacy leaks
Machine learning (ML) privacy concerns continue to surface, as audits show that models can reveal parts of the labels (the user’s choice, expressed preference, or the result …
WhatsApp now lets you secure chat backups with passkeys
Messaging service WhatsApp is launching passkey-encrypted chat backups for iOS and Android, allowing users to encrypt their stored message history using their face, …
Users lack control as major AI platforms share personal info with third parties
Some of the most popular generative AI and large language model (LLM) platforms, from companies like Meta, Google, and Microsoft, are collecting sensitive data and sharing it …
Meta open-sources AI tool to automatically classify sensitive documents
Meta has released an open source AI tool called Automated Sensitive Document Classification. It was originally built for internal use and is designed to find sensitive …
LlamaFirewall: Open-source framework to detect and mitigate AI centric security risks
LlamaFirewall is a system-level security framework for LLM-powered applications, built with a modular design to support layered, adaptive defense. It is designed to mitigate a …
AutoPatchBench: Meta’s new way to test AI bug fixing tools
AutoPatchBench is a new benchmark that tests how well AI tools can fix code bugs. It focuses on C and C++ vulnerabilities found through fuzzing. The benchmark includes 136 …
WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401)
WhatsApp users are urged to update the Windows client app to plug a serious security vulnerability (CVE-2025-30401) that may allow attackers to trick users into running …
Key steps to scaling automated compliance while maintaining security
In this Help Net Security interview, Vivek Agarwal, Privacy Program Manager at Meta Platforms, shares insights on strategies for reducing time to market, improving vendor …
Meta plans to prevent disinformation and AI-generated content from influencing voters
Meta, the company that owns some of the biggest social networks in use today, has explained how it means to tackle disinformation related to the upcoming EU Parliament …
Meta introduces default end-to-end encryption for Messenger and Facebook
Meta is introducing default end-to-end encryption (E2EE) for chats and calls across Messenger and Facebook, the company revealed on Wednesday. Rolling out E2EE for Messenger …
Meta’s Threads app used as a lure
It was to be expected: As the buzz around Meta’s new microblogging platform Threads gained momentum, some individuals have stepped in to take advantage of the fact that …
Featured news
Resources
Don't miss
- Cisco email security appliances rooted and backdoored via still unpatched zero-day
- Exploited SonicWall zero-day patched (CVE-2025-40602)
- Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718)
- Why vulnerability reports stall inside shared hosting companies
- Zabbix: Open-source IT and OT observability solution