Recent forensic investigations by Volexity have uncovered a sophisticated attack campaign exploiting two chained zero-day vulnerabilities in...
Critical Vulnerabilities
A critical zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks’ PAN-OS firewalls has been actively exploited since at...
A critical zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks’ PAN-OS GlobalProtect feature has been actively exploited since...
A newly identified threat, Trojan.W97M.CVE202140444.A, exploits a critical Microsoft Office vulnerability (CVE-2021-40444) to execute remote code through...
Critical OpenSSH Vulnerabilities CVE-2024-6387 and CVE-2024-6409: Analysis and Mitigation Strategies
Critical OpenSSH Vulnerabilities CVE-2024-6387 and CVE-2024-6409: Analysis and Mitigation Strategies
Two critical vulnerabilities in OpenSSH—CVE-2024-6387 (dubbed “regreSSHion”) and CVE-2024-6409—pose significant risks to Linux systems running vulnerable versions....
Progress Software’s WhatsUp Gold, a widely used network monitoring solution, is under active attack due to two...
Two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC) have been identified and patched, according to...
A newly discovered high-severity vulnerability (CVE-2025-1098) in Kubernetes’ Ingress-Nginx controller allows attackers to execute arbitrary code and...
A critical security vulnerability (CVE-2025-1974) in Kubernetes’ ingress-nginx controller has been disclosed, allowing unauthenticated attackers with pod...
A newly disclosed high-severity vulnerability (CVE-2025-24514) in Kubernetes’ ingress-nginx controller enables attackers to execute arbitrary code and...
Summary for Security Leadership The Russia-aligned RomCom APT group (also tracked as Storm-0978 or UNC2596) has been...
Summary for CISOs: A critical vulnerability (CVE-2024-7344) in UEFI Secure Boot allows attackers to bypass security checks...
A critical authentication bypass vulnerability (CVE-2025-2747) has been identified in Kentico Xperience CMS, affecting versions through 13.0.178....
Summary A critical SQL injection vulnerability (CVE-2025-2683) has been discovered in PHPGurukul’s Bank Locker Management System version...
A critical vulnerability (CVE-2025-2687) has been discovered in PHPGurukul eLearning System 1.0, affecting its Image Handler component....
A critical deserialization vulnerability (CVE-2025-2690) has been discovered in the Yii2 PHP framework, allowing remote code execution....
Broadcom has addressed multiple high-severity vulnerabilities in VMware ESXi, Workstation, and Fusion products, as detailed in NCSC...
Summary: IBM has addressed critical security vulnerabilities in its enterprise storage products, including authentication bypass (CVE-2025-0159) and...
SAP has released security updates addressing multiple vulnerabilities across its software portfolio, including SAP Commerce, SAP NetWeaver,...
A critical authorization bypass vulnerability (CVE-2024-53351) has been discovered in PipeCD v0.49, allowing attackers to access service...
