Password manager utility KeePass has had to defend its reputation following the discovery of a potential vulnerability that could expose users’ secret data. However, the company states the issue only arises if an attacker already controls a compromised account. Additionally, OpenSSL project has released patches to address a variety of vulnerabilities, including a high-impact flaw. In related news, a system administrator on Reddit was victim of a phishing attack, gaining the attackers access to some internal documents and code.

Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is