Critical Vulnerabilities

Western Digital Patches Critical My Cloud Command Injection Vulnerability

CVE News

Western Digital Patches Critical My Cloud Command Injection Vulnerability

Western Digital has released firmware updates to address a critical-severity vulnerability in multiple My Cloud Network Attached...

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

CVE News

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

A critical vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) software, tracked as CVE-2025-10035, was actively exploited...

Supermicro BMC Vulnerabilities Expose Persistent Backdoor Risks in Server Firmware

CVE News

Supermicro BMC Vulnerabilities Expose Persistent Backdoor Risks in Server Firmware

Security researchers have identified new vulnerabilities in Supermicro’s Baseboard Management Controller (BMC) firmware that allow attackers to...

Critical Microsoft Entra ID Flaw Enabled Global Tenant Hijack

CVE News

Critical Microsoft Entra ID Flaw Enabled Global Tenant Hijack

A recently disclosed vulnerability in Microsoft’s Entra ID (formerly Azure AD) identity management service could have allowed...

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

CVE News

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

Fortra has issued an urgent security advisory concerning a newly identified vulnerability in its GoAnywhere Managed File...

Microsoft September 2025 Patch Tuesday: Analysis of 81 Flaws and Two Zero-Days

Blue-Team

Microsoft September 2025 Patch Tuesday: Analysis of 81 Flaws and Two Zero-Days

Microsoft’s September 2025 Patch Tuesday has been released, addressing a total of 81 security vulnerabilities across its...

SAP NetWeaver Under Siege: Critical Vulnerabilities Exploited for RCE and Data Theft

CVE News

SAP NetWeaver Under Siege: Critical Vulnerabilities Exploited for RCE and Data Theft

SAP has released patches for 21 new security flaws, including three critical vulnerabilities in its widely used...

Sitecore Zero-Day Exploitation: Anatomy of a Critical ViewState Deserialization Attack

CVE News

Sitecore Zero-Day Exploitation: Anatomy of a Critical ViewState Deserialization Attack

A critical zero-day vulnerability in legacy Sitecore deployments, designated CVE-2025-53690, has been actively exploited by threat actors...

Analysis of Actively Exploited Android Zero-Days Patched in September 2025 Update

CVE News

Analysis of Actively Exploited Android Zero-Days Patched in September 2025 Update

Google’s September 2025 Android security bulletin addresses a significant security event, patching 120 vulnerabilities across the platform...

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

CVE News

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

Click Studios, the developer of the Passwordstate enterprise password manager, has issued an urgent warning to its...

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

CVE News

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

Citrix has released emergency patches for a critical remote code execution vulnerability, tracked as CVE-2025-7775, affecting its...

Image-Scaling Attacks: A New Vector for AI Prompt Injection and Data Exfiltration

Red-Team

Image-Scaling Attacks: A New Vector for AI Prompt Injection and Data Exfiltration

A new class of attack, exploiting the image preprocessing pipelines of multimodal AI systems, has been demonstrated...

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

CVE News

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

A critical vulnerability in Docker Desktop for Windows and macOS, designated CVE-2025-9074, has been patched after it...

Password Manager Browser Extensions Vulnerable to DOM-Based Clickjacking

CVE News

Password Manager Browser Extensions Vulnerable to DOM-Based Clickjacking

A newly disclosed class of vulnerabilities in browser extensions for major password managers exposes tens of millions...

Pennsylvania Attorney General’s Office Disrupted by Citrix NetScaler Exploit

CVE News

Pennsylvania Attorney General’s Office Disrupted by Citrix NetScaler Exploit

The Pennsylvania Attorney General’s Office (AGO) has confirmed a cyberattack that disrupted critical systems, including email services,...

Windows 11 August 2025 Updates: Security Patches and New Features

CVE News

Windows 11 August 2025 Updates: Security Patches and New Features

Microsoft has released cumulative updates KB5063878 and KB5063875 for Windows 11 versions 24H2 and 23H2, addressing 107...

Microsoft August 2025 Patch Tuesday: Zero-Day in Windows Kerberos Among 107 Flaws

CVE News

Microsoft August 2025 Patch Tuesday: Zero-Day in Windows Kerberos Among 107 Flaws

Microsoft’s August 2025 Patch Tuesday addresses 107 security vulnerabilities, including one actively exploited zero-day in Windows Kerberos....

Over 3,000 NetScaler Devices Remain Unpatched Against CitrixBleed 2 Vulnerability

CVE News

Over 3,000 NetScaler Devices Remain Unpatched Against CitrixBleed 2 Vulnerability

As of August 2025, more than 3,300 Citrix NetScaler devices remain vulnerable to CitrixBleed 2 (CVE-2025-5777), a...

WinRAR Zero-Day Exploited in Phishing Attacks to Deploy RomCom Malware

CVE News

WinRAR Zero-Day Exploited in Phishing Attacks to Deploy RomCom Malware

A critical WinRAR vulnerability, tracked as CVE-2025-8088, was actively exploited as a zero-day in phishing campaigns to...

CrushFTP Zero-Day Exploited for Unauthenticated Admin Access: Technical Breakdown

CVE News

CrushFTP Zero-Day Exploited for Unauthenticated Admin Access: Technical Breakdown

Administrators and security teams are urged to patch CrushFTP servers immediately following active exploitation of a critical...

Posts pagination

1 2 3 4 … 11 Next

Critical Vulnerabilities

Western Digital Patches Critical My Cloud Command Injection Vulnerability

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

Supermicro BMC Vulnerabilities Expose Persistent Backdoor Risks in Server Firmware

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

Microsoft September 2025 Patch Tuesday: Analysis of 81 Flaws and Two Zero-Days

SAP NetWeaver Under Siege: Critical Vulnerabilities Exploited for RCE and Data Theft

Sitecore Zero-Day Exploitation: Anatomy of a Critical ViewState Deserialization Attack

Analysis of Actively Exploited Android Zero-Days Patched in September 2025 Update

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

Image-Scaling Attacks: A New Vector for AI Prompt Injection and Data Exfiltration

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

Password Manager Browser Extensions Vulnerable to DOM-Based Clickjacking

Pennsylvania Attorney General’s Office Disrupted by Citrix NetScaler Exploit

Windows 11 August 2025 Updates: Security Patches and New Features

Microsoft August 2025 Patch Tuesday: Zero-Day in Windows Kerberos Among 107 Flaws

Over 3,000 NetScaler Devices Remain Unpatched Against CitrixBleed 2 Vulnerability

WinRAR Zero-Day Exploited in Phishing Attacks to Deploy RomCom Malware

CrushFTP Zero-Day Exploited for Unauthenticated Admin Access: Technical Breakdown

You may have missed

Adobe Analytics Data Leak: Architectural Failure Exposes Cross-Tenant Data

Snapchat’s Shift to Paid Storage: A Technical Analysis of Cloud Service Monetization

Google’s Developer Registration Policy Threatens F-Droid’s Existence

Google Drive for Desktop Deploys AI-Powered Ransomware Detection and Recovery