Critical Vulnerability

Critical LFI Vulnerability in Kubio AI Page Builder for WordPress (CVE-2025-2294)

CVE News

Critical LFI Vulnerability in Kubio AI Page Builder for WordPress (CVE-2025-2294)

A critical vulnerability (CVE-2025-2294) has been identified in the Kubio AI Page Builder plugin for WordPress, affecting...

Critical Unauthenticated RCE Vulnerability Discovered in Ingress NGINX Controller

CVE News

Critical Unauthenticated RCE Vulnerability Discovered in Ingress NGINX Controller

A severe remote code execution (RCE) vulnerability has been identified in the Ingress NGINX Controller, allowing attackers...

Ivanti VPN Zero-Day Exploits: Critical Vulnerabilities and Advanced Persistence Techniques

APT-News

Ivanti VPN Zero-Day Exploits: Critical Vulnerabilities and Advanced Persistence Techniques

Security teams worldwide are grappling with widespread exploitation of Ivanti Connect Secure VPN appliances, as researchers uncover...

Critical Zero-Day Exploit in Palo Alto GlobalProtect Firewalls (CVE-2024-3400) Actively Exploited

CVE News

Critical Zero-Day Exploit in Palo Alto GlobalProtect Firewalls (CVE-2024-3400) Actively Exploited

A critical zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks’ PAN-OS firewalls has been actively exploited since at...

Detecting and Mitigating CVE-2024-3400: Critical Zero-Day in Palo Alto GlobalProtect

CVE News

Detecting and Mitigating CVE-2024-3400: Critical Zero-Day in Palo Alto GlobalProtect

A critical zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks’ PAN-OS GlobalProtect feature has been actively exploited since...

Trojan.Win64.HAFNIUM.A: Technical Analysis of the Microsoft Exchange Server Threat

Threat Intelligence

Trojan.Win64.HAFNIUM.A: Technical Analysis of the Microsoft Exchange Server Threat

The Trojan.Win64.HAFNIUM.A malware represents a sophisticated threat targeting Microsoft Exchange servers, initially attributed to the Chinese state-sponsored...

Critical OpenSSH Vulnerabilities CVE-2024-6387 and CVE-2024-6409: Analysis and Mitigation Strategies

CVE News

Critical OpenSSH Vulnerabilities CVE-2024-6387 and CVE-2024-6409: Analysis and Mitigation Strategies

Two critical vulnerabilities in OpenSSH—CVE-2024-6387 (dubbed “regreSSHion”) and CVE-2024-6409—pose significant risks to Linux systems running vulnerable versions....

Critical WhatsUp Gold Vulnerabilities Exploited for RCE: Patch Now to Prevent Attacks

CVE News

Critical WhatsUp Gold Vulnerabilities Exploited for RCE: Patch Now to Prevent Attacks

Progress Software’s WhatsUp Gold, a widely used network monitoring solution, is under active attack due to two...

Critical Authentication Flaws in Microsoft Azure Private 5G Core Expose Networks to Disruption

CVE News

Critical Authentication Flaws in Microsoft Azure Private 5G Core Expose Networks to Disruption

Two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC) have been identified and patched, according to...

Fake LDAPNightmare PoC Exploit (CVE-2024-49113) Delivers Information-Stealing Malware

CVE News

Fake LDAPNightmare PoC Exploit (CVE-2024-49113) Delivers Information-Stealing Malware

A malicious campaign is targeting security researchers by distributing a fake proof-of-concept (PoC) exploit for the LDAPNightmare...

Critical Kubernetes Ingress-Nginx Vulnerability Exposes Clusters to RCE and Secret Theft (CVE-2025-1097)

CVE News

Critical Kubernetes Ingress-Nginx Vulnerability Exposes Clusters to RCE and Secret Theft (CVE-2025-1097)

A newly disclosed critical vulnerability (CVE-2025-1097) in Kubernetes’ Ingress-Nginx controller enables attackers to execute arbitrary code and...

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1098) Exposes Clusters to RCE and Secret Theft

CVE News

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1098) Exposes Clusters to RCE and Secret Theft

A newly discovered high-severity vulnerability (CVE-2025-1098) in Kubernetes’ Ingress-Nginx controller allows attackers to execute arbitrary code and...

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1974) Exposes Clusters to Remote Code Execution

CVE News

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1974) Exposes Clusters to Remote Code Execution

A critical security vulnerability (CVE-2025-1974) in Kubernetes’ ingress-nginx controller has been disclosed, allowing unauthenticated attackers with pod...

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-24514) Exposes Clusters to RCE & Secret Theft

CVE News

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-24514) Exposes Clusters to RCE & Secret Theft

A newly disclosed high-severity vulnerability (CVE-2025-24514) in Kubernetes’ ingress-nginx controller enables attackers to execute arbitrary code and...

Bug Bounty Programs: The Complete Guide to Vulnerability Hunting

Bug Bounties & Responsible Disclosure

Bug Bounty Programs: The Complete Guide to Vulnerability Hunting

Bug bounty programs have become a proven strategy for strengthening system security through collaboration with external researchers....

Critical Vulnerability Patched in Apache Tomcat: CVE-2025-24813 Allows Remote Code Execution

CVE News
Exploitation

Critical Vulnerability Patched in Apache Tomcat: CVE-2025-24813 Allows Remote Code Execution

Apache Tomcat, a widely used open-source Java servlet container, has recently addressed a critical vulnerability that could...

Critical Vulnerabilities in FortiOS and FortiProxy Lead to Ransomware Attacks: NCSC Warns of Exploitation

CVE News
Exploitation

Critical Vulnerabilities in FortiOS and FortiProxy Lead to Ransomware Attacks: NCSC Warns of Exploitation

The National Cyber Security Centre (NCSC) has reported a significant surge in ransomware attacks targeting critical vulnerabilities...

CVE-2025-2691: High-Severity SSRF Vulnerability in Nossrf Package

Blue-Team
CVE News
Exploitation
Red-Team
Threat Intelligence

CVE-2025-2691: High-Severity SSRF Vulnerability in Nossrf Package

A critical Server-Side Request Forgery (SSRF) vulnerability (CVE-2025-2691) has been identified in the nossrf package, affecting versions...

CVE-2025-2609 – MagnusSolution MagnusBilling Cross-Site Scripting Vulnerability

Bug Bounties & Responsible Disclosure
Cyber Laws & Regulations
Exploitation
Malware Analysis
Red-Team
SIEM & Detection Engineering

CVE-2025-2609 – MagnusSolution MagnusBilling Cross-Site Scripting Vulnerability

A critical vulnerability, CVE-2025-2609, has been identified in MagnusSolution’s MagnusBilling software, a widely used billing and call...

Posts pagination

Previous 1 … 3 4 5 6

Critical Vulnerability

Critical LFI Vulnerability in Kubio AI Page Builder for WordPress (CVE-2025-2294)

Critical Unauthenticated RCE Vulnerability Discovered in Ingress NGINX Controller

Ivanti VPN Zero-Day Exploits: Critical Vulnerabilities and Advanced Persistence Techniques

Critical Zero-Day Exploit in Palo Alto GlobalProtect Firewalls (CVE-2024-3400) Actively Exploited

Detecting and Mitigating CVE-2024-3400: Critical Zero-Day in Palo Alto GlobalProtect

Trojan.Win64.HAFNIUM.A: Technical Analysis of the Microsoft Exchange Server Threat

Critical OpenSSH Vulnerabilities CVE-2024-6387 and CVE-2024-6409: Analysis and Mitigation Strategies

Critical WhatsUp Gold Vulnerabilities Exploited for RCE: Patch Now to Prevent Attacks

Critical Authentication Flaws in Microsoft Azure Private 5G Core Expose Networks to Disruption

Fake LDAPNightmare PoC Exploit (CVE-2024-49113) Delivers Information-Stealing Malware

Critical Kubernetes Ingress-Nginx Vulnerability Exposes Clusters to RCE and Secret Theft (CVE-2025-1097)

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1098) Exposes Clusters to RCE and Secret Theft

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1974) Exposes Clusters to Remote Code Execution

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-24514) Exposes Clusters to RCE & Secret Theft

Bug Bounty Programs: The Complete Guide to Vulnerability Hunting

Critical Vulnerability Patched in Apache Tomcat: CVE-2025-24813 Allows Remote Code Execution

Critical Vulnerabilities in FortiOS and FortiProxy Lead to Ransomware Attacks: NCSC Warns of Exploitation

CVE-2025-2691: High-Severity SSRF Vulnerability in Nossrf Package

CVE-2025-2609 – MagnusSolution MagnusBilling Cross-Site Scripting Vulnerability

You may have missed

Adobe Analytics Data Leak: Architectural Failure Exposes Cross-Tenant Data

Snapchat’s Shift to Paid Storage: A Technical Analysis of Cloud Service Monetization

Google’s Developer Registration Policy Threatens F-Droid’s Existence

Google Drive for Desktop Deploys AI-Powered Ransomware Detection and Recovery