Red-Team

CVE-2025-4279: Critical Arbitrary File Upload Vulnerability in WordPress External Image Replace Plugin

CVE News

CVE-2025-4279: Critical Arbitrary File Upload Vulnerability in WordPress External Image Replace Plugin

A high-severity vulnerability (CVE-2025-4279) has been identified in the WordPress External Image Replace plugin, enabling authenticated attackers...

Tenda AC9 Command Injection Vulnerability (CVE-2025-45042): Critical Remote Code Execution Risk

CVE News

Tenda AC9 Command Injection Vulnerability (CVE-2025-45042): Critical Remote Code Execution Risk

A critical command injection vulnerability (CVE-2025-45042) has been identified in Tenda AC9 routers running firmware version 15.03.05.14,...

Critical Commvault Path Traversal Vulnerability (CVE-2025-34028) Added to CISA KEV Catalog

CVE News

Critical Commvault Path Traversal Vulnerability (CVE-2025-34028) Added to CISA KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has escalated the urgency around a critical vulnerability in...

Critical OpenCTI Container Escalation Vulnerability (CVE-2025-24977) Exposes Infrastructure to Attacks

CVE News

Critical OpenCTI Container Escalation Vulnerability (CVE-2025-24977) Exposes Infrastructure to Attacks

A critical vulnerability in OpenCTI, tracked as CVE-2025-24977, allows authenticated users to execute arbitrary commands on the...

Critical AirPlay Vulnerabilities (AirBorne) Enable Wormable Zero-Click RCE on Apple Devices

CVE News

Critical AirPlay Vulnerabilities (AirBorne) Enable Wormable Zero-Click RCE on Apple Devices

Apple’s AirPlay protocol, a proprietary wireless technology used for streaming audio and video across devices, was found...

SonicWall Vulnerabilities Confirmed as Actively Exploited by CISA

CVE News

SonicWall Vulnerabilities Confirmed as Actively Exploited by CISA

The US Cybersecurity and Infrastructure Security Agency (CISA) has officially added two critical vulnerabilities affecting SonicWall Secure...

Huntress Labs’ “Hacking Windows” Training at IT Nation: A Deep Dive for Security Professionals

Red-Team

Huntress Labs’ “Hacking Windows” Training at IT Nation: A Deep Dive for Security Professionals

Huntress Labs, known for its focus on managed service providers (MSPs) and small-to-medium business (SMB) security, made...

CISA Adds SAP NetWeaver Vulnerability to Known Exploited Catalog: Analysis and Mitigation

CVE News

CISA Adds SAP NetWeaver Vulnerability to Known Exploited Catalog: Analysis and Mitigation

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with CVE-2025-31324,...

Apple AirPlay Zero-Click RCE Vulnerabilities: Technical Analysis and Mitigation

CVE News

Apple AirPlay Zero-Click RCE Vulnerabilities: Technical Analysis and Mitigation

A set of critical vulnerabilities in Apple’s AirPlay Protocol and AirPlay SDK, collectively dubbed “AirBorne,” exposes devices...

Critical Vulnerabilities in Delta Electronics ISPSoft Expose Industrial Systems to Arbitrary Code Execution

CVE News

Critical Vulnerabilities in Delta Electronics ISPSoft Expose Industrial Systems to Arbitrary Code Execution

Delta Electronics’ ISPSoft programming software, widely used in industrial automation systems, contains multiple critical vulnerabilities that could...

AI Jailbreak Risks: Inception Attacks, Unsafe Code, and Data Theft in Major Models

Red-Team

AI Jailbreak Risks: Inception Attacks, Unsafe Code, and Data Theft in Major Models

Recent research reveals critical vulnerabilities in generative AI systems, including jailbreak techniques like Inception attacks, unsafe code...

Critical SQL Injection Vulnerability in PHPGurukul Rail Pass Management System (CVE-2025-4039)

CVE News

Critical SQL Injection Vulnerability in PHPGurukul Rail Pass Management System (CVE-2025-4039)

A critical SQL injection vulnerability (CVE-2025-4039) has been identified in PHPGurukul’s Rail Pass Management System version 1.0,...

Critical YesWiki Vulnerability (CVE-2025-46348) Allows Unauthenticated Backup Exfiltration

CVE News

Critical YesWiki Vulnerability (CVE-2025-46348) Allows Unauthenticated Backup Exfiltration

A critical vulnerability in YesWiki, tracked as CVE-2025-46348, allows unauthenticated attackers to create and download site backups...

Meta Releases Llama AI Model API for Developers: Technical Implications

Red-Team

Meta Releases Llama AI Model API for Developers: Technical Implications

Meta has officially launched an API for its Llama AI models, providing developers with tools to integrate...

MSSQL Injection Attacks: Tactics, Case Studies, and Mitigation Strategies

Red-Team

MSSQL Injection Attacks: Tactics, Case Studies, and Mitigation Strategies

Recent reports highlight a surge in MSSQL injection attacks, with threat actors exploiting vulnerabilities to execute remote...

CVE-2017-18362: Critical SQL Injection in ConnectWise ManagedITSync Integration

CVE News

CVE-2017-18362: Critical SQL Injection in ConnectWise ManagedITSync Integration

A critical SQL injection vulnerability (CVE-2017-18362) in ConnectWise’s ManagedITSync integration exposed Kaseya VSA servers to unauthenticated remote...

SuperShell and Cobalt Strike Payloads Found in Open Directories: Analysis and Mitigation

C2-Updates

SuperShell and Cobalt Strike Payloads Found in Open Directories: Analysis and Mitigation

Cybersecurity researchers from Hunt have identified a server hosting advanced malicious tools, including SuperShell command-and-control (C2) payloads...

Apache Tomcat CVE-2025-23181: Unprivileged Command Execution Vulnerability Analysis

CVE News

Apache Tomcat CVE-2025-23181: Unprivileged Command Execution Vulnerability Analysis

A newly disclosed vulnerability in Apache Tomcat, tracked as CVE-2025-23181, allows unprivileged command execution with a CVSS...

CVE-2025-45947: Critical RCE Vulnerability in PhpGurukul Online Banquet Booking System

CVE News

CVE-2025-45947: Critical RCE Vulnerability in PhpGurukul Online Banquet Booking System

A critical remote code execution (RCE) vulnerability has been identified in PhpGurukul’s Online Banquet Booking System (OBBS)...

CISA Flags Actively Exploited Vulnerabilities in Broadcom, Commvault, and Qualitia Products

CVE News

CISA Flags Actively Exploited Vulnerabilities in Broadcom, Commvault, and Qualitia Products

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities to its Known Exploited...

Posts pagination

Previous 1 2 3 4 5 6 7 8 … 16 Next

Red-Team

CVE-2025-4279: Critical Arbitrary File Upload Vulnerability in WordPress External Image Replace Plugin

Tenda AC9 Command Injection Vulnerability (CVE-2025-45042): Critical Remote Code Execution Risk

Critical Commvault Path Traversal Vulnerability (CVE-2025-34028) Added to CISA KEV Catalog

Critical OpenCTI Container Escalation Vulnerability (CVE-2025-24977) Exposes Infrastructure to Attacks

Critical AirPlay Vulnerabilities (AirBorne) Enable Wormable Zero-Click RCE on Apple Devices

SonicWall Vulnerabilities Confirmed as Actively Exploited by CISA

Huntress Labs’ “Hacking Windows” Training at IT Nation: A Deep Dive for Security Professionals

CISA Adds SAP NetWeaver Vulnerability to Known Exploited Catalog: Analysis and Mitigation

Apple AirPlay Zero-Click RCE Vulnerabilities: Technical Analysis and Mitigation

Critical Vulnerabilities in Delta Electronics ISPSoft Expose Industrial Systems to Arbitrary Code Execution

AI Jailbreak Risks: Inception Attacks, Unsafe Code, and Data Theft in Major Models

Critical SQL Injection Vulnerability in PHPGurukul Rail Pass Management System (CVE-2025-4039)

Critical YesWiki Vulnerability (CVE-2025-46348) Allows Unauthenticated Backup Exfiltration

Meta Releases Llama AI Model API for Developers: Technical Implications

MSSQL Injection Attacks: Tactics, Case Studies, and Mitigation Strategies

CVE-2017-18362: Critical SQL Injection in ConnectWise ManagedITSync Integration

SuperShell and Cobalt Strike Payloads Found in Open Directories: Analysis and Mitigation

Apache Tomcat CVE-2025-23181: Unprivileged Command Execution Vulnerability Analysis

CVE-2025-45947: Critical RCE Vulnerability in PhpGurukul Online Banquet Booking System

CISA Flags Actively Exploited Vulnerabilities in Broadcom, Commvault, and Qualitia Products

You may have missed

Google Issues Workarounds for ChromeOS Authentication Failures in Enterprise Environments

Microsoft Word’s Cloud-Centric Default: Security Implications and Enterprise Management Challenges

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

Global Law Enforcement Intensifies Crackdown on Cybercrime Enablers with VerifTools Takedown