RCE

Critical Vulnerabilities in Delta Electronics ISPSoft Expose Industrial Systems to Arbitrary Code Execution

CVE News

Critical Vulnerabilities in Delta Electronics ISPSoft Expose Industrial Systems to Arbitrary Code Execution

Delta Electronics’ ISPSoft programming software, widely used in industrial automation systems, contains multiple critical vulnerabilities that could...

AI Jailbreak Risks: Inception Attacks, Unsafe Code, and Data Theft in Major Models

Red-Team

AI Jailbreak Risks: Inception Attacks, Unsafe Code, and Data Theft in Major Models

Recent research reveals critical vulnerabilities in generative AI systems, including jailbreak techniques like Inception attacks, unsafe code...

Critical SQL Injection Vulnerability in PHPGurukul Rail Pass Management System (CVE-2025-4039)

CVE News

Critical SQL Injection Vulnerability in PHPGurukul Rail Pass Management System (CVE-2025-4039)

A critical SQL injection vulnerability (CVE-2025-4039) has been identified in PHPGurukul’s Rail Pass Management System version 1.0,...

Critical YesWiki Vulnerability (CVE-2025-46348) Allows Unauthenticated Backup Exfiltration

CVE News

Critical YesWiki Vulnerability (CVE-2025-46348) Allows Unauthenticated Backup Exfiltration

A critical vulnerability in YesWiki, tracked as CVE-2025-46348, allows unauthenticated attackers to create and download site backups...

Outlaw Cybergang Escalates Linux Attacks with New SSH Brute-Force Tactics

APT-News

Outlaw Cybergang Escalates Linux Attacks with New SSH Brute-Force Tactics

The Outlaw cybergang, also known as “Dota,” has intensified its global campaign against Linux systems, deploying a...

MSSQL Injection Attacks: Tactics, Case Studies, and Mitigation Strategies

Red-Team

MSSQL Injection Attacks: Tactics, Case Studies, and Mitigation Strategies

Recent reports highlight a surge in MSSQL injection attacks, with threat actors exploiting vulnerabilities to execute remote...

CVE-2017-18362: Critical SQL Injection in ConnectWise ManagedITSync Integration

CVE News

CVE-2017-18362: Critical SQL Injection in ConnectWise ManagedITSync Integration

A critical SQL injection vulnerability (CVE-2017-18362) in ConnectWise’s ManagedITSync integration exposed Kaseya VSA servers to unauthenticated remote...

MSSQL Attack Mitigation: A Case Study in Incident Response

Blue-Team

MSSQL Attack Mitigation: A Case Study in Incident Response

When a database outage escalates into a full-blown security incident, the response strategy determines whether an organization...

Apache Tomcat CVE-2025-23181: Unprivileged Command Execution Vulnerability Analysis

CVE News

Apache Tomcat CVE-2025-23181: Unprivileged Command Execution Vulnerability Analysis

A newly disclosed vulnerability in Apache Tomcat, tracked as CVE-2025-23181, allows unprivileged command execution with a CVSS...

CVE-2025-45947: Critical RCE Vulnerability in PhpGurukul Online Banquet Booking System

CVE News

CVE-2025-45947: Critical RCE Vulnerability in PhpGurukul Online Banquet Booking System

A critical remote code execution (RCE) vulnerability has been identified in PhpGurukul’s Online Banquet Booking System (OBBS)...

How Breaches Start: Analyzing 5 Real-World Vulnerabilities

News

How Breaches Start: Analyzing 5 Real-World Vulnerabilities

Not every security vulnerability poses an immediate high risk, but attackers often chain seemingly minor flaws to...

Cyber Threats to Satellite Systems: Attack Vectors and Defensive Strategies

Threat Intelligence

Cyber Threats to Satellite Systems: Attack Vectors and Defensive Strategies

Satellite systems are increasingly becoming targets of sophisticated cyberattacks, with nation-states and cybercriminal groups exploiting vulnerabilities in...

CISA Flags Actively Exploited Vulnerabilities in Broadcom, Commvault, and Qualitia Products

CVE News

CISA Flags Actively Exploited Vulnerabilities in Broadcom, Commvault, and Qualitia Products

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities to its Known Exploited...

Critical SAP NetWeaver Vulnerability (CVE-2025-31324): Exploitation and Mitigation

CVE News

Critical SAP NetWeaver Vulnerability (CVE-2025-31324): Exploitation and Mitigation

Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload...

ISC Stormcast: SAP NetWeaver Exploits and Steganographic Malware Trends

Threat Intelligence

ISC Stormcast: SAP NetWeaver Exploits and Steganographic Malware Trends

The SANS Internet Storm Center (ISC) Stormcast for April 29, 2025, highlights critical cybersecurity threats, including active...

GFI MailEssentials .NET Deserialization Vulnerability (CVE-2025-34491) Allows Remote Code Execution

CVE News

GFI MailEssentials .NET Deserialization Vulnerability (CVE-2025-34491) Allows Remote Code Execution

A critical vulnerability (CVE-2025-34491) in GFI MailEssentials enables authenticated attackers to execute arbitrary code through .NET deserialization...

Critical Server-Side Template Injection Vulnerability in IPW Systems Metazo (CVE-2025-46661)

CVE News

Critical Server-Side Template Injection Vulnerability in IPW Systems Metazo (CVE-2025-46661)

A critical vulnerability (CVE-2025-46661) has been identified in IPW Systems Metazo versions up to 8.1.3, allowing unauthenticated...

CVE-2015-2079: Critical Remote Code Execution Vulnerability in Usermin

CVE News

CVE-2015-2079: Critical Remote Code Execution Vulnerability in Usermin

A critical vulnerability (CVE-2015-2079) in Usermin, a web-based administration tool, allows authenticated attackers to execute arbitrary code...

Global Surge in Automated Scanning Activity: Threat Landscape Analysis

Threat Intelligence

Global Surge in Automated Scanning Activity: Threat Landscape Analysis

The cybersecurity landscape continues to evolve with increasing automation, as evidenced by a 16.7% year-over-year rise in...

CISA Expands Known Exploited Vulnerabilities Catalog with Three Critical Flaws

CVE News

CISA Expands Known Exploited Vulnerabilities Catalog with Three Critical Flaws

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with three...

Posts pagination

Previous 1 … 3 4 5 6 7 8 9 … 12 Next

RCE

Critical Vulnerabilities in Delta Electronics ISPSoft Expose Industrial Systems to Arbitrary Code Execution

AI Jailbreak Risks: Inception Attacks, Unsafe Code, and Data Theft in Major Models

Critical SQL Injection Vulnerability in PHPGurukul Rail Pass Management System (CVE-2025-4039)

Critical YesWiki Vulnerability (CVE-2025-46348) Allows Unauthenticated Backup Exfiltration

Outlaw Cybergang Escalates Linux Attacks with New SSH Brute-Force Tactics

MSSQL Injection Attacks: Tactics, Case Studies, and Mitigation Strategies

CVE-2017-18362: Critical SQL Injection in ConnectWise ManagedITSync Integration

MSSQL Attack Mitigation: A Case Study in Incident Response

Apache Tomcat CVE-2025-23181: Unprivileged Command Execution Vulnerability Analysis

CVE-2025-45947: Critical RCE Vulnerability in PhpGurukul Online Banquet Booking System

How Breaches Start: Analyzing 5 Real-World Vulnerabilities

Cyber Threats to Satellite Systems: Attack Vectors and Defensive Strategies

CISA Flags Actively Exploited Vulnerabilities in Broadcom, Commvault, and Qualitia Products

Critical SAP NetWeaver Vulnerability (CVE-2025-31324): Exploitation and Mitigation

ISC Stormcast: SAP NetWeaver Exploits and Steganographic Malware Trends

GFI MailEssentials .NET Deserialization Vulnerability (CVE-2025-34491) Allows Remote Code Execution

Critical Server-Side Template Injection Vulnerability in IPW Systems Metazo (CVE-2025-46661)

CVE-2015-2079: Critical Remote Code Execution Vulnerability in Usermin

Global Surge in Automated Scanning Activity: Threat Landscape Analysis

CISA Expands Known Exploited Vulnerabilities Catalog with Three Critical Flaws

You may have missed

ClickFix Malware Campaigns Resurrect Decades-Old Finger Protocol for Command Retrieval

North Korean IT Worker Scheme: A Technical Analysis of Infiltration and Fraud

Digital Passport Integration in Mobile Wallets: A Security Analysis

U.S. Launches Scam Center Strike Force to Combat $10 Billion Crypto Fraud Networks