High Risk

Tor Browser 14.0.8 Emergency Update: Critical Security Fixes for Windows

Blue-Team

Tor Browser 14.0.8 Emergency Update: Critical Security Fixes for Windows

The Tor Project has issued an emergency update, Tor Browser 14.0.8, exclusively for Windows users. This release...

Critical NetApp SnapCenter Vulnerability Allows Privilege Escalation to Remote Admin Access

CVE News

Critical NetApp SnapCenter Vulnerability Allows Privilege Escalation to Remote Admin Access

A critical security flaw in NetApp SnapCenter, tracked as CVE-2025-26512, could allow authenticated users to escalate privileges...

Mobile Security & Malware Threats: Critical Vulnerabilities and Emerging Risks in March 2025

CVE News

Mobile Security & Malware Threats: Critical Vulnerabilities and Emerging Risks in March 2025

The fourth week of March 2025 has brought significant developments in mobile security and malware, with critical...

High-Severity Missing Authorization Flaw in Shinetheme Traveler WordPress Theme (CVE-2025-26733)

CVE News

High-Severity Missing Authorization Flaw in Shinetheme Traveler WordPress Theme (CVE-2025-26733)

A high-severity vulnerability (CVE-2025-26733) has been identified in the Shinetheme Traveler WordPress theme, affecting versions up to...

Critical RCE Vulnerability in Shinetheme Traveler (CVE-2025-26873): Analysis and Mitigation

CVE News

Critical RCE Vulnerability in Shinetheme Traveler (CVE-2025-26873): Analysis and Mitigation

A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-26873, has been disclosed in the Shinetheme Traveler...

Critical SQL Injection Vulnerability Discovered in Shinetheme Traveler (CVE-2025-26898)

CVE News

Critical SQL Injection Vulnerability Discovered in Shinetheme Traveler (CVE-2025-26898)

A critical SQL injection vulnerability (CVE-2025-26898) has been identified in the Shinetheme Traveler WordPress theme, affecting versions...

Exim Use-After-Free Vulnerability (CVE-2025-30232) Poses Privilege Escalation Risk

CVE News

Exim Use-After-Free Vulnerability (CVE-2025-30232) Poses Privilege Escalation Risk

A high-severity vulnerability (CVE-2025-30232) has been identified in Exim mail servers, affecting versions 4.96 through 4.98.1. The...

Dell Unity Open Redirect Vulnerability (CVE-2025-24381): Risks and Mitigation

CVE News

Dell Unity Open Redirect Vulnerability (CVE-2025-24381): Risks and Mitigation

A high-severity open redirect vulnerability (CVE-2025-24381) has been identified in Dell Unity storage systems running versions 5.4...

Critical LFI Vulnerability in Kubio AI Page Builder for WordPress (CVE-2025-2294)

CVE News

Critical LFI Vulnerability in Kubio AI Page Builder for WordPress (CVE-2025-2294)

A critical vulnerability (CVE-2025-2294) has been identified in the Kubio AI Page Builder plugin for WordPress, affecting...

Critical PostgreSQL SQLi and Palo Alto VPN Exploits Targeted in Latest Snort Rules Update (Feb 2025 Week 4)

Threat Intelligence

Critical PostgreSQL SQLi and Palo Alto VPN Exploits Targeted in Latest Snort Rules Update (Feb 2025 Week 4)

AhnLab’s Threat Intelligence Platform has released 19 new Snort rules addressing critical vulnerabilities including PostgreSQL SQL injection...

Active Directory Security: Exploiting and Mitigating GenericWrite DACL Vulnerabilities

Blue-Team

Active Directory Security: Exploiting and Mitigating GenericWrite DACL Vulnerabilities

Active Directory’s Discretionary Access Control Lists (DACLs) serve as fundamental security mechanisms governing object permissions within directory...

Active Directory Security: Detecting and Mitigating WriteDacl Abuse Risks

Blue-Team

Active Directory Security: Detecting and Mitigating WriteDacl Abuse Risks

Active Directory Discretionary Access Control Lists (DACLs) serve as a fundamental security mechanism governing access to directory...

Active Directory Security: Detecting and Mitigating WriteOwner Permission Abuse

News

Active Directory Security: Detecting and Mitigating WriteOwner Permission Abuse

Misconfigured WriteOwner permissions in Active Directory can enable attackers to take ownership of critical objects, bypass security...

Active Directory Security Risk: Exploiting AddSelf Permissions for Privilege Escalation

News

Active Directory Security Risk: Exploiting AddSelf Permissions for Privilege Escalation

A critical misconfiguration in Active Directory’s Discretionary Access Control Lists (DACLs) allows attackers to abuse the AddSelf...

Active Directory Security: Mitigating Risks from Pre-Windows 2000 Compatibility Weaknesses

Blue-Team

Active Directory Security: Mitigating Risks from Pre-Windows 2000 Compatibility Weaknesses

Legacy configurations in Active Directory (AD) often introduce security vulnerabilities, and one of the most persistent risks...

Shadow Credentials Attack: Exploiting Active Directory for Stealthy Privilege Escalation

Blue-Team

Shadow Credentials Attack: Exploiting Active Directory for Stealthy Privilege Escalation

A Shadow Credentials attack is an advanced exploitation technique targeting Active Directory Certificate Services (AD CS), enabling...

New Mirai Botnet Variant Targets Comtrend Router Vulnerability (CVE-2020-10173)

Threat Intelligence

New Mirai Botnet Variant Targets Comtrend Router Vulnerability (CVE-2020-10173)

A newly identified Mirai botnet variant (IoT.Linux.MIRAI.VWISI) has begun exploiting CVE-2020-10173, a command injection vulnerability in Comtrend...

Backdoor.MSIL.BLADABINDI.THA: Analyzing the Persistent Windows Backdoor Threat

Malware Analysis

Backdoor.MSIL.BLADABINDI.THA: Analyzing the Persistent Windows Backdoor Threat

Backdoor.MSIL.BLADABINDI.THA represents a concerning Windows-based backdoor malware that security teams should monitor, particularly due to its recent...

Trojan.Win64.COMBACKER.YABA-A: Analyzing the Persistent Low-Risk Threat to Windows Systems

News

Trojan.Win64.COMBACKER.YABA-A: Analyzing the Persistent Low-Risk Threat to Windows Systems

Trojan.Win64.COMBACKER.YABA-A represents a persistent though low-risk threat to Windows systems, first identified in January 2021 by Trend...

DEARCRY Ransomware: Technical Analysis of a High-Risk Threat Targeting Microsoft Exchange Servers

Malware Analysis

DEARCRY Ransomware: Technical Analysis of a High-Risk Threat Targeting Microsoft Exchange Servers

Summary: Ransom.Win32.DEARCRY.THCABBA represents a significant cybersecurity threat despite its relatively low prevalence. First identified in March 2021,...

Posts pagination

Previous 1 2 3 4 Next

High Risk

Tor Browser 14.0.8 Emergency Update: Critical Security Fixes for Windows

Critical NetApp SnapCenter Vulnerability Allows Privilege Escalation to Remote Admin Access

Mobile Security & Malware Threats: Critical Vulnerabilities and Emerging Risks in March 2025

High-Severity Missing Authorization Flaw in Shinetheme Traveler WordPress Theme (CVE-2025-26733)

Critical RCE Vulnerability in Shinetheme Traveler (CVE-2025-26873): Analysis and Mitigation

Critical SQL Injection Vulnerability Discovered in Shinetheme Traveler (CVE-2025-26898)

Exim Use-After-Free Vulnerability (CVE-2025-30232) Poses Privilege Escalation Risk

Dell Unity Open Redirect Vulnerability (CVE-2025-24381): Risks and Mitigation

Critical LFI Vulnerability in Kubio AI Page Builder for WordPress (CVE-2025-2294)

Critical PostgreSQL SQLi and Palo Alto VPN Exploits Targeted in Latest Snort Rules Update (Feb 2025 Week 4)

Active Directory Security: Exploiting and Mitigating GenericWrite DACL Vulnerabilities

Active Directory Security: Detecting and Mitigating WriteDacl Abuse Risks

Active Directory Security: Detecting and Mitigating WriteOwner Permission Abuse

Active Directory Security Risk: Exploiting AddSelf Permissions for Privilege Escalation

Active Directory Security: Mitigating Risks from Pre-Windows 2000 Compatibility Weaknesses

Shadow Credentials Attack: Exploiting Active Directory for Stealthy Privilege Escalation

New Mirai Botnet Variant Targets Comtrend Router Vulnerability (CVE-2020-10173)

Backdoor.MSIL.BLADABINDI.THA: Analyzing the Persistent Windows Backdoor Threat

Trojan.Win64.COMBACKER.YABA-A: Analyzing the Persistent Low-Risk Threat to Windows Systems

DEARCRY Ransomware: Technical Analysis of a High-Risk Threat Targeting Microsoft Exchange Servers

You may have missed

Trump’s TikTok Decision: National Security, Ownership, and April 5 Deadline

YesWiki Path Traversal Vulnerability (CVE-2025-31131): Technical Analysis and Mitigation

Critical SQL Injection Vulnerability in Next-Cart Store to WooCommerce Migration Plugin (CVE-2025-30807)

WpTravelly Plugin Vulnerability Exposes WordPress Sites to Object Injection Attacks