Vulnerability Management

Tenda AC1206 Buffer Overflow Vulnerability (CVE-2025-4298): Technical Analysis and Mitigation

CVE News

Tenda AC1206 Buffer Overflow Vulnerability (CVE-2025-4298): Technical Analysis and Mitigation

A critical buffer overflow vulnerability (CVE-2025-4298) has been identified in Tenda AC1206 routers, affecting firmware versions up...

CVE-2025-4279: Critical Arbitrary File Upload Vulnerability in WordPress External Image Replace Plugin

CVE News

CVE-2025-4279: Critical Arbitrary File Upload Vulnerability in WordPress External Image Replace Plugin

A high-severity vulnerability (CVE-2025-4279) has been identified in the WordPress External Image Replace plugin, enabling authenticated attackers...

Weak Passwords and Account Compromise: A Growing Threat Landscape

News

Weak Passwords and Account Compromise: A Growing Threat Landscape

A recent study by the FIDO Alliance reveals that 36% of online users have experienced at least...

Critical Commvault Path Traversal Vulnerability (CVE-2025-34028) Added to CISA KEV Catalog

CVE News

Critical Commvault Path Traversal Vulnerability (CVE-2025-34028) Added to CISA KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has escalated the urgency around a critical vulnerability in...

Georgia School District and New Mexico University Hit by Qilin Ransomware Attacks

APT-News

Georgia School District and New Mexico University Hit by Qilin Ransomware Attacks

Cyberattacks targeting educational institutions have surged in recent weeks, with the Coweta County School System in Georgia...

Critical OpenCTI Container Escalation Vulnerability (CVE-2025-24977) Exposes Infrastructure to Attacks

CVE News

Critical OpenCTI Container Escalation Vulnerability (CVE-2025-24977) Exposes Infrastructure to Attacks

A critical vulnerability in OpenCTI, tracked as CVE-2025-24977, allows authenticated users to execute arbitrary commands on the...

Critical AirPlay Vulnerabilities (AirBorne) Enable Wormable Zero-Click RCE on Apple Devices

CVE News

Critical AirPlay Vulnerabilities (AirBorne) Enable Wormable Zero-Click RCE on Apple Devices

Apple’s AirPlay protocol, a proprietary wireless technology used for streaming audio and video across devices, was found...

SonicWall Vulnerabilities Confirmed as Actively Exploited by CISA

CVE News

SonicWall Vulnerabilities Confirmed as Actively Exploited by CISA

The US Cybersecurity and Infrastructure Security Agency (CISA) has officially added two critical vulnerabilities affecting SonicWall Secure...

7 Critical Smartphone Security Measures for Enterprise Protection

Blue-Team

7 Critical Smartphone Security Measures for Enterprise Protection

Smartphones have become prime targets for cyber threats, from border surveillance to sophisticated malware. For organizations, securing...

Microsoft Silently Resolves Windows 10 Start Menu Jump List Bug

News

Microsoft Silently Resolves Windows 10 Start Menu Jump List Bug

Microsoft has quietly addressed a bug affecting Start Menu jump lists on Windows 10 version 22H2 systems....

xAI API Key Leak Exposes Private SpaceX and Tesla LLMs for Two Months

Data Breach

xAI API Key Leak Exposes Private SpaceX and Tesla LLMs for Two Months

A developer at Elon Musk’s artificial intelligence company xAI accidentally leaked a private API key on GitHub,...

SK Telecom’s SIM Replacement Crisis: Technical and Operational Breakdown

Data Breach

SK Telecom’s SIM Replacement Crisis: Technical and Operational Breakdown

South Korea’s largest mobile carrier, SK Telecom (SKT), is scrambling to contain the fallout from a massive...

CISA Adds SAP NetWeaver Vulnerability to Known Exploited Catalog: Analysis and Mitigation

CVE News

CISA Adds SAP NetWeaver Vulnerability to Known Exploited Catalog: Analysis and Mitigation

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with CVE-2025-31324,...

CNIL Tightens Data Security Regulations Amid Surge in Breaches Across France

Blue-Team

CNIL Tightens Data Security Regulations Amid Surge in Breaches Across France

France’s data protection authority, the CNIL, is escalating enforcement measures against companies failing to secure sensitive data...

Critical Vulnerabilities in Delta Electronics ISPSoft Expose Industrial Systems to Arbitrary Code Execution

CVE News

Critical Vulnerabilities in Delta Electronics ISPSoft Expose Industrial Systems to Arbitrary Code Execution

Delta Electronics’ ISPSoft programming software, widely used in industrial automation systems, contains multiple critical vulnerabilities that could...

Critical YesWiki Vulnerability (CVE-2025-46348) Allows Unauthenticated Backup Exfiltration

CVE News

Critical YesWiki Vulnerability (CVE-2025-46348) Allows Unauthenticated Backup Exfiltration

A critical vulnerability in YesWiki, tracked as CVE-2025-46348, allows unauthenticated attackers to create and download site backups...

Outlaw Cybergang Escalates Linux Attacks with New SSH Brute-Force Tactics

APT-News

Outlaw Cybergang Escalates Linux Attacks with New SSH Brute-Force Tactics

The Outlaw cybergang, also known as “Dota,” has intensified its global campaign against Linux systems, deploying a...

MSSQL Injection Attacks: Tactics, Case Studies, and Mitigation Strategies

Red-Team

MSSQL Injection Attacks: Tactics, Case Studies, and Mitigation Strategies

Recent reports highlight a surge in MSSQL injection attacks, with threat actors exploiting vulnerabilities to execute remote...

Huntress Agent Updater: Security Features and Update Mechanics

News

Huntress Agent Updater: Security Features and Update Mechanics

The Huntress Agent, a widely deployed endpoint detection and response (EDR) tool, relies on its updater service...

CVE-2017-18362: Critical SQL Injection in ConnectWise ManagedITSync Integration

CVE News

CVE-2017-18362: Critical SQL Injection in ConnectWise ManagedITSync Integration

A critical SQL injection vulnerability (CVE-2017-18362) in ConnectWise’s ManagedITSync integration exposed Kaseya VSA servers to unauthenticated remote...

Posts pagination

Previous 1 … 5 6 7 8 9 10 11 … 17 Next

Vulnerability Management

Tenda AC1206 Buffer Overflow Vulnerability (CVE-2025-4298): Technical Analysis and Mitigation

CVE-2025-4279: Critical Arbitrary File Upload Vulnerability in WordPress External Image Replace Plugin

Weak Passwords and Account Compromise: A Growing Threat Landscape

Critical Commvault Path Traversal Vulnerability (CVE-2025-34028) Added to CISA KEV Catalog

Georgia School District and New Mexico University Hit by Qilin Ransomware Attacks

Critical OpenCTI Container Escalation Vulnerability (CVE-2025-24977) Exposes Infrastructure to Attacks

Critical AirPlay Vulnerabilities (AirBorne) Enable Wormable Zero-Click RCE on Apple Devices

SonicWall Vulnerabilities Confirmed as Actively Exploited by CISA

7 Critical Smartphone Security Measures for Enterprise Protection

Microsoft Silently Resolves Windows 10 Start Menu Jump List Bug

xAI API Key Leak Exposes Private SpaceX and Tesla LLMs for Two Months

SK Telecom’s SIM Replacement Crisis: Technical and Operational Breakdown

CISA Adds SAP NetWeaver Vulnerability to Known Exploited Catalog: Analysis and Mitigation

Critical Vulnerabilities in Delta Electronics ISPSoft Expose Industrial Systems to Arbitrary Code Execution

Critical YesWiki Vulnerability (CVE-2025-46348) Allows Unauthenticated Backup Exfiltration

Outlaw Cybergang Escalates Linux Attacks with New SSH Brute-Force Tactics

MSSQL Injection Attacks: Tactics, Case Studies, and Mitigation Strategies

Huntress Agent Updater: Security Features and Update Mechanics

CVE-2017-18362: Critical SQL Injection in ConnectWise ManagedITSync Integration

You may have missed

Google Play Store to Implement Battery Performance Policy for Android Apps

ClickFix Malware Campaigns Resurrect Decades-Old Finger Protocol for Command Retrieval

North Korean IT Worker Scheme: A Technical Analysis of Infiltration and Fraud

Digital Passport Integration in Mobile Wallets: A Security Analysis