Red-Team

Supermicro BMC Vulnerabilities Expose Persistent Backdoor Risks in Server Firmware

CVE News

Supermicro BMC Vulnerabilities Expose Persistent Backdoor Risks in Server Firmware

Security researchers have identified new vulnerabilities in Supermicro’s Baseboard Management Controller (BMC) firmware that allow attackers to...

OnePlus SMS Vulnerability Exposes Systemic Security Tensions

CVE News

OnePlus SMS Vulnerability Exposes Systemic Security Tensions

A newly identified vulnerability in multiple versions of OnePlus’s OxygenOS allows any application installed on a device...

EDR-Freeze: Abusing Windows Error Reporting to Suspend Security Software

Red-Team

EDR-Freeze: Abusing Windows Error Reporting to Suspend Security Software

A new proof-of-concept tool named EDR-Freeze demonstrates a significant evolution in attacker evasion techniques. Developed by security...

Critical Microsoft Entra ID Flaw Enabled Global Tenant Hijack

CVE News

Critical Microsoft Entra ID Flaw Enabled Global Tenant Hijack

A recently disclosed vulnerability in Microsoft’s Entra ID (formerly Azure AD) identity management service could have allowed...

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

CVE News

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

Fortra has issued an urgent security advisory concerning a newly identified vulnerability in its GoAnywhere Managed File...

Google Addresses Sixth Actively Exploited Chrome Zero-Day of 2025

CVE News

Google Addresses Sixth Actively Exploited Chrome Zero-Day of 2025

Google has released an emergency security update for its Chrome browser to address a high-severity zero-day vulnerability,...

Apple Extends Zero-Day Patch to Legacy iOS and iPadOS Devices

CVE News

Apple Extends Zero-Day Patch to Legacy iOS and iPadOS Devices

Apple has released security updates for older iPhone and iPad models, backporting a critical fix for a...

Samsung Patches Actively Exploited Android Zero-Day Linked to WhatsApp Spyware Campaign

CVE News

Samsung Patches Actively Exploited Android Zero-Day Linked to WhatsApp Spyware Campaign

Samsung has released a critical security update addressing a remote code execution vulnerability that was actively exploited...

Akira Ransomware Campaign Exploits SonicWall CVE-2024-40766 and Misconfigurations

CVE News

Akira Ransomware Campaign Exploits SonicWall CVE-2024-40766 and Misconfigurations

A significant surge in Akira ransomware activity, first observed in late July 2025, has been attributed to...

SAP NetWeaver Under Siege: Critical Vulnerabilities Exploited for RCE and Data Theft

CVE News

SAP NetWeaver Under Siege: Critical Vulnerabilities Exploited for RCE and Data Theft

SAP has released patches for 21 new security flaws, including three critical vulnerabilities in its widely used...

Sitecore Zero-Day Exploitation: Anatomy of a Critical ViewState Deserialization Attack

CVE News

Sitecore Zero-Day Exploitation: Anatomy of a Critical ViewState Deserialization Attack

A critical zero-day vulnerability in legacy Sitecore deployments, designated CVE-2025-53690, has been actively exploited by threat actors...

TP-Link Router Zero-Day and Active Exploitation Campaigns Prompt Urgent CISA Response

CVE News

TP-Link Router Zero-Day and Active Exploitation Campaigns Prompt Urgent CISA Response

TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as the U.S....

Analysis of Actively Exploited Android Zero-Days Patched in September 2025 Update

CVE News

Analysis of Actively Exploited Android Zero-Days Patched in September 2025 Update

Google’s September 2025 Android security bulletin addresses a significant security event, patching 120 vulnerabilities across the platform...

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

CVE News

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

Click Studios, the developer of the Passwordstate enterprise password manager, has issued an urgent warning to its...

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

CVE News

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

Citrix has released emergency patches for a critical remote code execution vulnerability, tracked as CVE-2025-7775, affecting its...

CISA Warns of Actively Exploited Git Code Execution Flaw in KEV Catalog

CVE News

CISA Warns of Actively Exploited Git Code Execution Flaw in KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the Git distributed...

Image-Scaling Attacks: A New Vector for AI Prompt Injection and Data Exfiltration

Red-Team

Image-Scaling Attacks: A New Vector for AI Prompt Injection and Data Exfiltration

A new class of attack, exploiting the image preprocessing pipelines of multimodal AI systems, has been demonstrated...

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

CVE News

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

A critical vulnerability in Docker Desktop for Windows and macOS, designated CVE-2025-9074, has been patched after it...

Apple’s 2025 Zero-Day Response: Sophisticated Attacks and Unprecedented Backporting

CVE News

Apple’s 2025 Zero-Day Response: Sophisticated Attacks and Unprecedented Backporting

Apple has released emergency security updates to address a zero-day vulnerability actively exploited in what the company...

Password Manager Browser Extensions Vulnerable to DOM-Based Clickjacking

CVE News

Password Manager Browser Extensions Vulnerable to DOM-Based Clickjacking

A newly disclosed class of vulnerabilities in browser extensions for major password managers exposes tens of millions...

Posts pagination

Previous 1 2 3 4 5 … 17 Next

Red-Team

Supermicro BMC Vulnerabilities Expose Persistent Backdoor Risks in Server Firmware

OnePlus SMS Vulnerability Exposes Systemic Security Tensions

EDR-Freeze: Abusing Windows Error Reporting to Suspend Security Software

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

Google Addresses Sixth Actively Exploited Chrome Zero-Day of 2025

Apple Extends Zero-Day Patch to Legacy iOS and iPadOS Devices

Samsung Patches Actively Exploited Android Zero-Day Linked to WhatsApp Spyware Campaign

Akira Ransomware Campaign Exploits SonicWall CVE-2024-40766 and Misconfigurations

SAP NetWeaver Under Siege: Critical Vulnerabilities Exploited for RCE and Data Theft

Sitecore Zero-Day Exploitation: Anatomy of a Critical ViewState Deserialization Attack

TP-Link Router Zero-Day and Active Exploitation Campaigns Prompt Urgent CISA Response

Analysis of Actively Exploited Android Zero-Days Patched in September 2025 Update

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

CISA Warns of Actively Exploited Git Code Execution Flaw in KEV Catalog

Image-Scaling Attacks: A New Vector for AI Prompt Injection and Data Exfiltration

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

Apple’s 2025 Zero-Day Response: Sophisticated Attacks and Unprecedented Backporting

Password Manager Browser Extensions Vulnerable to DOM-Based Clickjacking

You may have missed

Australian Man Sentenced for “Evil Twin” WiFi Attacks Targeting Airports and Flights

GitLab Public Repository Scan Uncovers Widespread Exposure of Live Secrets

GreyNoise IP Check: A Free Tool for Botnet Detection and IP Reputation Monitoring

OBR Enlists Cyber Expert Following Accidental Pre-Budget Data Leak