RCE

Windows Deployment Services Vulnerable to 0-Click UDP DoS Exploit

CVE News

Windows Deployment Services Vulnerable to 0-Click UDP DoS Exploit

A critical pre-authentication denial-of-service (DoS) vulnerability in Microsoft’s Windows Deployment Services (WDS) allows attackers to crash systems...

CISA Warns of Active Exploitation: Critical Langflow RCE Vulnerability (CVE-2025-3248)

CVE News

CISA Warns of Active Exploitation: Critical Langflow RCE Vulnerability (CVE-2025-3248)

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding an actively exploited remote...

CVE-2025-4279: Critical Arbitrary File Upload Vulnerability in WordPress External Image Replace Plugin

CVE News

CVE-2025-4279: Critical Arbitrary File Upload Vulnerability in WordPress External Image Replace Plugin

A high-severity vulnerability (CVE-2025-4279) has been identified in the WordPress External Image Replace plugin, enabling authenticated attackers...

Tenda AC9 Command Injection Vulnerability (CVE-2025-45042): Critical Remote Code Execution Risk

CVE News

Tenda AC9 Command Injection Vulnerability (CVE-2025-45042): Critical Remote Code Execution Risk

A critical command injection vulnerability (CVE-2025-45042) has been identified in Tenda AC9 routers running firmware version 15.03.05.14,...

Critical Commvault Path Traversal Vulnerability (CVE-2025-34028) Added to CISA KEV Catalog

CVE News

Critical Commvault Path Traversal Vulnerability (CVE-2025-34028) Added to CISA KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has escalated the urgency around a critical vulnerability in...

Critical OpenCTI Container Escalation Vulnerability (CVE-2025-24977) Exposes Infrastructure to Attacks

CVE News

Critical OpenCTI Container Escalation Vulnerability (CVE-2025-24977) Exposes Infrastructure to Attacks

A critical vulnerability in OpenCTI, tracked as CVE-2025-24977, allows authenticated users to execute arbitrary commands on the...

Critical AirPlay Vulnerabilities (AirBorne) Enable Wormable Zero-Click RCE on Apple Devices

CVE News

Critical AirPlay Vulnerabilities (AirBorne) Enable Wormable Zero-Click RCE on Apple Devices

Apple’s AirPlay protocol, a proprietary wireless technology used for streaming audio and video across devices, was found...

SonicWall Vulnerabilities Confirmed as Actively Exploited by CISA

CVE News

SonicWall Vulnerabilities Confirmed as Actively Exploited by CISA

The US Cybersecurity and Infrastructure Security Agency (CISA) has officially added two critical vulnerabilities affecting SonicWall Secure...

April 2025 Cybersecurity Landscape: Ransomware Surge and Critical Vulnerabilities

Threat Intelligence

April 2025 Cybersecurity Landscape: Ransomware Surge and Critical Vulnerabilities

April 2025 marked one of the most intense periods for cybersecurity professionals worldwide, with unprecedented levels of...

CISA Adds SAP NetWeaver Vulnerability to Known Exploited Catalog: Analysis and Mitigation

CVE News

CISA Adds SAP NetWeaver Vulnerability to Known Exploited Catalog: Analysis and Mitigation

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with CVE-2025-31324,...

Apple AirPlay Zero-Click RCE Vulnerabilities: Technical Analysis and Mitigation

CVE News

Apple AirPlay Zero-Click RCE Vulnerabilities: Technical Analysis and Mitigation

A set of critical vulnerabilities in Apple’s AirPlay Protocol and AirPlay SDK, collectively dubbed “AirBorne,” exposes devices...

Critical Vulnerabilities in Delta Electronics ISPSoft Expose Industrial Systems to Arbitrary Code Execution

CVE News

Critical Vulnerabilities in Delta Electronics ISPSoft Expose Industrial Systems to Arbitrary Code Execution

Delta Electronics’ ISPSoft programming software, widely used in industrial automation systems, contains multiple critical vulnerabilities that could...

AI Jailbreak Risks: Inception Attacks, Unsafe Code, and Data Theft in Major Models

Red-Team

AI Jailbreak Risks: Inception Attacks, Unsafe Code, and Data Theft in Major Models

Recent research reveals critical vulnerabilities in generative AI systems, including jailbreak techniques like Inception attacks, unsafe code...

Critical SQL Injection Vulnerability in PHPGurukul Rail Pass Management System (CVE-2025-4039)

CVE News

Critical SQL Injection Vulnerability in PHPGurukul Rail Pass Management System (CVE-2025-4039)

A critical SQL injection vulnerability (CVE-2025-4039) has been identified in PHPGurukul’s Rail Pass Management System version 1.0,...

Critical YesWiki Vulnerability (CVE-2025-46348) Allows Unauthenticated Backup Exfiltration

CVE News

Critical YesWiki Vulnerability (CVE-2025-46348) Allows Unauthenticated Backup Exfiltration

A critical vulnerability in YesWiki, tracked as CVE-2025-46348, allows unauthenticated attackers to create and download site backups...

Outlaw Cybergang Escalates Linux Attacks with New SSH Brute-Force Tactics

APT-News

Outlaw Cybergang Escalates Linux Attacks with New SSH Brute-Force Tactics

The Outlaw cybergang, also known as “Dota,” has intensified its global campaign against Linux systems, deploying a...

MSSQL Injection Attacks: Tactics, Case Studies, and Mitigation Strategies

Red-Team

MSSQL Injection Attacks: Tactics, Case Studies, and Mitigation Strategies

Recent reports highlight a surge in MSSQL injection attacks, with threat actors exploiting vulnerabilities to execute remote...

CVE-2017-18362: Critical SQL Injection in ConnectWise ManagedITSync Integration

CVE News

CVE-2017-18362: Critical SQL Injection in ConnectWise ManagedITSync Integration

A critical SQL injection vulnerability (CVE-2017-18362) in ConnectWise’s ManagedITSync integration exposed Kaseya VSA servers to unauthenticated remote...

MSSQL Attack Mitigation: A Case Study in Incident Response

Blue-Team

MSSQL Attack Mitigation: A Case Study in Incident Response

When a database outage escalates into a full-blown security incident, the response strategy determines whether an organization...

Apache Tomcat CVE-2025-23181: Unprivileged Command Execution Vulnerability Analysis

CVE News

Apache Tomcat CVE-2025-23181: Unprivileged Command Execution Vulnerability Analysis

A newly disclosed vulnerability in Apache Tomcat, tracked as CVE-2025-23181, allows unprivileged command execution with a CVSS...

Posts pagination

Previous 1 2 3 4 5 6 … 9 Next

RCE

Windows Deployment Services Vulnerable to 0-Click UDP DoS Exploit

CISA Warns of Active Exploitation: Critical Langflow RCE Vulnerability (CVE-2025-3248)

CVE-2025-4279: Critical Arbitrary File Upload Vulnerability in WordPress External Image Replace Plugin

Tenda AC9 Command Injection Vulnerability (CVE-2025-45042): Critical Remote Code Execution Risk

Critical Commvault Path Traversal Vulnerability (CVE-2025-34028) Added to CISA KEV Catalog

Critical OpenCTI Container Escalation Vulnerability (CVE-2025-24977) Exposes Infrastructure to Attacks

Critical AirPlay Vulnerabilities (AirBorne) Enable Wormable Zero-Click RCE on Apple Devices

SonicWall Vulnerabilities Confirmed as Actively Exploited by CISA

April 2025 Cybersecurity Landscape: Ransomware Surge and Critical Vulnerabilities

CISA Adds SAP NetWeaver Vulnerability to Known Exploited Catalog: Analysis and Mitigation

Apple AirPlay Zero-Click RCE Vulnerabilities: Technical Analysis and Mitigation

Critical Vulnerabilities in Delta Electronics ISPSoft Expose Industrial Systems to Arbitrary Code Execution

AI Jailbreak Risks: Inception Attacks, Unsafe Code, and Data Theft in Major Models

Critical SQL Injection Vulnerability in PHPGurukul Rail Pass Management System (CVE-2025-4039)

Critical YesWiki Vulnerability (CVE-2025-46348) Allows Unauthenticated Backup Exfiltration

Outlaw Cybergang Escalates Linux Attacks with New SSH Brute-Force Tactics

MSSQL Injection Attacks: Tactics, Case Studies, and Mitigation Strategies

CVE-2017-18362: Critical SQL Injection in ConnectWise ManagedITSync Integration

MSSQL Attack Mitigation: A Case Study in Incident Response

Apache Tomcat CVE-2025-23181: Unprivileged Command Execution Vulnerability Analysis

You may have missed

Windows 11 22H2 End of Support: Key Dates and Security Implications

WeTransfer’s AI Training Policy Reversal: A Security and Trust Analysis

The Arctic World Archive: A Cold Storage Solution for Digital Heritage

EE Network Outage: Technical Fault Disrupts Voice Services for Multiple Days