vulnerability

Western Digital Patches Critical My Cloud Command Injection Vulnerability

CVE News

Western Digital Patches Critical My Cloud Command Injection Vulnerability

Western Digital has released firmware updates to address a critical-severity vulnerability in multiple My Cloud Network Attached...

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

CVE News

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

A critical vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) software, tracked as CVE-2025-10035, was actively exploited...

Supply Chain Attack Targets Rust Developers Through Malicious Crates

Threat Intelligence

Supply Chain Attack Targets Rust Developers Through Malicious Crates

A software supply chain attack targeting the Rust programming language ecosystem has been uncovered, involving malicious packages...

Supermicro BMC Vulnerabilities Expose Persistent Backdoor Risks in Server Firmware

CVE News

Supermicro BMC Vulnerabilities Expose Persistent Backdoor Risks in Server Firmware

Security researchers have identified new vulnerabilities in Supermicro’s Baseboard Management Controller (BMC) firmware that allow attackers to...

OnePlus SMS Vulnerability Exposes Systemic Security Tensions

CVE News

OnePlus SMS Vulnerability Exposes Systemic Security Tensions

A newly identified vulnerability in multiple versions of OnePlus’s OxygenOS allows any application installed on a device...

NPM Package “fezbox” Uses QR Code Steganography to Steal Browser Cookies

Malware Analysis

NPM Package “fezbox” Uses QR Code Steganography to Steal Browser Cookies

In September 2025, the Node Package Manager (NPM) ecosystem was targeted by a series of sophisticated supply...

Critical Microsoft Entra ID Flaw Enabled Global Tenant Hijack

CVE News

Critical Microsoft Entra ID Flaw Enabled Global Tenant Hijack

A recently disclosed vulnerability in Microsoft’s Entra ID (formerly Azure AD) identity management service could have allowed...

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

CVE News

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

Fortra has issued an urgent security advisory concerning a newly identified vulnerability in its GoAnywhere Managed File...

Google Addresses Sixth Actively Exploited Chrome Zero-Day of 2025

CVE News

Google Addresses Sixth Actively Exploited Chrome Zero-Day of 2025

Google has released an emergency security update for its Chrome browser to address a high-severity zero-day vulnerability,...

Apple Extends Zero-Day Patch to Legacy iOS and iPadOS Devices

CVE News

Apple Extends Zero-Day Patch to Legacy iOS and iPadOS Devices

Apple has released security updates for older iPhone and iPad models, backporting a critical fix for a...

Securing the Browser: The New Enterprise Perimeter and Attack Surface

Blue-Team

Securing the Browser: The New Enterprise Perimeter and Attack Surface

The modern web browser has become the primary interface for enterprise work, hosting sensitive data, credentials, and...

Beyond the NVD Backlog: The Shift to Real-Time Vulnerability Intelligence

Blue-Team

Beyond the NVD Backlog: The Shift to Real-Time Vulnerability Intelligence

The cybersecurity industry is confronting a fundamental shift in how vulnerabilities are managed. The traditional model, centered...

Samsung Patches Actively Exploited Android Zero-Day Linked to WhatsApp Spyware Campaign

CVE News

Samsung Patches Actively Exploited Android Zero-Day Linked to WhatsApp Spyware Campaign

Samsung has released a critical security update addressing a remote code execution vulnerability that was actively exploited...

Microsoft Exchange Online Outage: Analysis of North American Service Disruption and Historical Context

Blue-Team

Microsoft Exchange Online Outage: Analysis of North American Service Disruption and Historical Context

Microsoft is currently addressing a significant service disruption affecting its Exchange Online email platform for customers across...

Akira Ransomware Campaign Exploits SonicWall CVE-2024-40766 and Misconfigurations

CVE News

Akira Ransomware Campaign Exploits SonicWall CVE-2024-40766 and Misconfigurations

A significant surge in Akira ransomware activity, first observed in late July 2025, has been attributed to...

The Buyer’s Guide to Browser Extension Management: Mitigating a Pervasive Enterprise Risk

Blue-Team

The Buyer’s Guide to Browser Extension Management: Mitigating a Pervasive Enterprise Risk

Browser extensions are indispensable for modern workflows, boosting productivity by customizing the browsing experience. However, this convenience...

Microsoft Removes Barrier to Entry for Windows App Developers by Waiving Store Fees

News

Microsoft Removes Barrier to Entry for Windows App Developers by Waiving Store Fees

Microsoft has officially eliminated the one-time registration fee for individual developers seeking to publish applications on the...

Microsoft September 2025 Patch Tuesday: Analysis of 81 Flaws and Two Zero-Days

Blue-Team

Microsoft September 2025 Patch Tuesday: Analysis of 81 Flaws and Two Zero-Days

Microsoft’s September 2025 Patch Tuesday has been released, addressing a total of 81 security vulnerabilities across its...

Managing Cyber Risk Through External Attack Surface Management

Blue-Team

Managing Cyber Risk Through External Attack Surface Management

The rapid expansion of digital infrastructure has created a significant challenge for security teams: maintaining visibility over...

Microsoft Defender Anti-Spam Service Bug Disrupts Exchange Online and Teams URLs

Blue-Team

Microsoft Defender Anti-Spam Service Bug Disrupts Exchange Online and Teams URLs

Microsoft is currently addressing a significant service issue where its anti-spam filtering technology within Defender for Office...

Posts pagination

1 2 3 4 … 22 Next

vulnerability

Western Digital Patches Critical My Cloud Command Injection Vulnerability

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

Supply Chain Attack Targets Rust Developers Through Malicious Crates

Supermicro BMC Vulnerabilities Expose Persistent Backdoor Risks in Server Firmware

OnePlus SMS Vulnerability Exposes Systemic Security Tensions

NPM Package “fezbox” Uses QR Code Steganography to Steal Browser Cookies

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

Google Addresses Sixth Actively Exploited Chrome Zero-Day of 2025

Apple Extends Zero-Day Patch to Legacy iOS and iPadOS Devices

Securing the Browser: The New Enterprise Perimeter and Attack Surface

Beyond the NVD Backlog: The Shift to Real-Time Vulnerability Intelligence

Samsung Patches Actively Exploited Android Zero-Day Linked to WhatsApp Spyware Campaign

Akira Ransomware Campaign Exploits SonicWall CVE-2024-40766 and Misconfigurations

The Buyer’s Guide to Browser Extension Management: Mitigating a Pervasive Enterprise Risk

Microsoft September 2025 Patch Tuesday: Analysis of 81 Flaws and Two Zero-Days

You may have missed

Adobe Analytics Data Leak: Architectural Failure Exposes Cross-Tenant Data

Snapchat’s Shift to Paid Storage: A Technical Analysis of Cloud Service Monetization

Google’s Developer Registration Policy Threatens F-Droid’s Existence

Google Drive for Desktop Deploys AI-Powered Ransomware Detection and Recovery