RCE

Akira Ransomware Campaign Exploits SonicWall CVE-2024-40766 and Misconfigurations

CVE News

Akira Ransomware Campaign Exploits SonicWall CVE-2024-40766 and Misconfigurations

A significant surge in Akira ransomware activity, first observed in late July 2025, has been attributed to...

Microsoft September 2025 Patch Tuesday: Analysis of 81 Flaws and Two Zero-Days

Blue-Team

Microsoft September 2025 Patch Tuesday: Analysis of 81 Flaws and Two Zero-Days

Microsoft’s September 2025 Patch Tuesday has been released, addressing a total of 81 security vulnerabilities across its...

SAP NetWeaver Under Siege: Critical Vulnerabilities Exploited for RCE and Data Theft

CVE News

SAP NetWeaver Under Siege: Critical Vulnerabilities Exploited for RCE and Data Theft

SAP has released patches for 21 new security flaws, including three critical vulnerabilities in its widely used...

Meta Faces Lawsuit Over Alleged WhatsApp Security Failures and FTC Violations

Cyber Laws & Regulations

Meta Faces Lawsuit Over Alleged WhatsApp Security Failures and FTC Violations

A former head of security for WhatsApp has filed a lawsuit against Meta, accusing the social media...

Sitecore Zero-Day Exploitation: Anatomy of a Critical ViewState Deserialization Attack

CVE News

Sitecore Zero-Day Exploitation: Anatomy of a Critical ViewState Deserialization Attack

A critical zero-day vulnerability in legacy Sitecore deployments, designated CVE-2025-53690, has been actively exploited by threat actors...

TP-Link Router Zero-Day and Active Exploitation Campaigns Prompt Urgent CISA Response

CVE News

TP-Link Router Zero-Day and Active Exploitation Campaigns Prompt Urgent CISA Response

TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as the U.S....

Geolocation as a Cyber Weapon: The Invisible Attack Vector Reshaping Modern Threats

Threat Intelligence

Geolocation as a Cyber Weapon: The Invisible Attack Vector Reshaping Modern Threats

The weaponization of geolocation data represents one of the most significant shifts in offensive cyber operations, transforming...

Analysis of Actively Exploited Android Zero-Days Patched in September 2025 Update

CVE News

Analysis of Actively Exploited Android Zero-Days Patched in September 2025 Update

Google’s September 2025 Android security bulletin addresses a significant security event, patching 120 vulnerabilities across the platform...

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

CVE News

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

Click Studios, the developer of the Passwordstate enterprise password manager, has issued an urgent warning to its...

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

CVE News

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

Citrix has released emergency patches for a critical remote code execution vulnerability, tracked as CVE-2025-7775, affecting its...

CISA Warns of Actively Exploited Git Code Execution Flaw in KEV Catalog

CVE News

CISA Warns of Actively Exploited Git Code Execution Flaw in KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the Git distributed...

Coordinated Reconnaissance Campaign Targets Microsoft RDP Authentication Servers

Threat Intelligence

Coordinated Reconnaissance Campaign Targets Microsoft RDP Authentication Servers

Internet intelligence firm GreyNoise has identified a significant and coordinated surge in scanning activity directed at Microsoft...

Image-Scaling Attacks: A New Vector for AI Prompt Injection and Data Exfiltration

Red-Team

Image-Scaling Attacks: A New Vector for AI Prompt Injection and Data Exfiltration

A new class of attack, exploiting the image preprocessing pipelines of multimodal AI systems, has been demonstrated...

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

CVE News

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

A critical vulnerability in Docker Desktop for Windows and macOS, designated CVE-2025-9074, has been patched after it...

Apple’s 2025 Zero-Day Response: Sophisticated Attacks and Unprecedented Backporting

CVE News

Apple’s 2025 Zero-Day Response: Sophisticated Attacks and Unprecedented Backporting

Apple has released emergency security updates to address a zero-day vulnerability actively exploited in what the company...

Password Manager Browser Extensions Vulnerable to DOM-Based Clickjacking

CVE News

Password Manager Browser Extensions Vulnerable to DOM-Based Clickjacking

A newly disclosed class of vulnerabilities in browser extensions for major password managers exposes tens of millions...

Fortinet VPN Brute-Force Attacks Signal Potential Zero-Day Exploits

Threat Intelligence

Fortinet VPN Brute-Force Attacks Signal Potential Zero-Day Exploits

A significant increase in brute-force attacks targeting Fortinet SSL VPNs has raised concerns about potential zero-day vulnerabilities....

Pennsylvania Attorney General’s Office Disrupted by Citrix NetScaler Exploit

CVE News

Pennsylvania Attorney General’s Office Disrupted by Citrix NetScaler Exploit

The Pennsylvania Attorney General’s Office (AGO) has confirmed a cyberattack that disrupted critical systems, including email services,...

Microsoft’s Removal of PowerShell 2.0: Security Implications and Migration Guidance

Blue-Team

Microsoft’s Removal of PowerShell 2.0: Security Implications and Migration Guidance

Microsoft has confirmed the removal of PowerShell 2.0 from Windows 11 and Windows Server systems starting August...

Windows 11 August 2025 Updates: Security Patches and New Features

CVE News

Windows 11 August 2025 Updates: Security Patches and New Features

Microsoft has released cumulative updates KB5063878 and KB5063875 for Windows 11 versions 24H2 and 23H2, addressing 107...

Posts pagination

Previous 1 2 3 4 5 … 11 Next

RCE

Akira Ransomware Campaign Exploits SonicWall CVE-2024-40766 and Misconfigurations

Microsoft September 2025 Patch Tuesday: Analysis of 81 Flaws and Two Zero-Days

SAP NetWeaver Under Siege: Critical Vulnerabilities Exploited for RCE and Data Theft

Meta Faces Lawsuit Over Alleged WhatsApp Security Failures and FTC Violations

Sitecore Zero-Day Exploitation: Anatomy of a Critical ViewState Deserialization Attack

TP-Link Router Zero-Day and Active Exploitation Campaigns Prompt Urgent CISA Response

Geolocation as a Cyber Weapon: The Invisible Attack Vector Reshaping Modern Threats

Analysis of Actively Exploited Android Zero-Days Patched in September 2025 Update

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

CISA Warns of Actively Exploited Git Code Execution Flaw in KEV Catalog

Coordinated Reconnaissance Campaign Targets Microsoft RDP Authentication Servers

Image-Scaling Attacks: A New Vector for AI Prompt Injection and Data Exfiltration

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

Apple’s 2025 Zero-Day Response: Sophisticated Attacks and Unprecedented Backporting

Password Manager Browser Extensions Vulnerable to DOM-Based Clickjacking

Fortinet VPN Brute-Force Attacks Signal Potential Zero-Day Exploits

Pennsylvania Attorney General’s Office Disrupted by Citrix NetScaler Exploit

Microsoft’s Removal of PowerShell 2.0: Security Implications and Migration Guidance

Windows 11 August 2025 Updates: Security Patches and New Features

You may have missed

Firefox 145 Enhances Anti-Fingerprinting Protections, Impacting Threat Actor Reconnaissance

Quantum Route Redirect: A New PhaaS Platform Targeting Microsoft 365 Credentials

The LinkedIn Phishing Epidemic: Technical Analysis of Multi-Channel Attacks Targeting Executives

AI Infrastructure Expansion Fueled by Debt Raises Systemic Financial Risks