Vulnerability Management

Critical SQL Injection Vulnerability Discovered in Shinetheme Traveler (CVE-2025-26898)

CVE News

Critical SQL Injection Vulnerability Discovered in Shinetheme Traveler (CVE-2025-26898)

A critical SQL injection vulnerability (CVE-2025-26898) has been identified in the Shinetheme Traveler WordPress theme, affecting versions...

Exim Use-After-Free Vulnerability (CVE-2025-30232) Poses Privilege Escalation Risk

CVE News

Exim Use-After-Free Vulnerability (CVE-2025-30232) Poses Privilege Escalation Risk

A high-severity vulnerability (CVE-2025-30232) has been identified in Exim mail servers, affecting versions 4.96 through 4.98.1. The...

Dell Unity Open Redirect Vulnerability (CVE-2025-24381): Risks and Mitigation

CVE News

Dell Unity Open Redirect Vulnerability (CVE-2025-24381): Risks and Mitigation

A high-severity open redirect vulnerability (CVE-2025-24381) has been identified in Dell Unity storage systems running versions 5.4...

Critical LFI Vulnerability in Kubio AI Page Builder for WordPress (CVE-2025-2294)

CVE News

Critical LFI Vulnerability in Kubio AI Page Builder for WordPress (CVE-2025-2294)

A critical vulnerability (CVE-2025-2294) has been identified in the Kubio AI Page Builder plugin for WordPress, affecting...

MORSECORP Inc. Settles $4.6 Million Cybersecurity Fraud Case with U.S. Government

Cyber Laws & Regulations

MORSECORP Inc. Settles $4.6 Million Cybersecurity Fraud Case with U.S. Government

Defense contractor MORSECORP Inc. has agreed to pay $4.6 million to resolve allegations of cybersecurity fraud involving...

Critical PostgreSQL SQLi and Palo Alto VPN Exploits Targeted in Latest Snort Rules Update (Feb 2025 Week 4)

Threat Intelligence

Critical PostgreSQL SQLi and Palo Alto VPN Exploits Targeted in Latest Snort Rules Update (Feb 2025 Week 4)

AhnLab’s Threat Intelligence Platform has released 19 new Snort rules addressing critical vulnerabilities including PostgreSQL SQL injection...

Memory Forensics Exposes Ivanti VPN Zero-Day Exploits: A Critical Security Breakdown

Threat Intelligence

Memory Forensics Exposes Ivanti VPN Zero-Day Exploits: A Critical Security Breakdown

Recent forensic investigations by Volexity have uncovered a sophisticated attack campaign exploiting two chained zero-day vulnerabilities in...

Active Directory Security: Detecting and Mitigating WriteDacl Abuse Risks

Blue-Team

Active Directory Security: Detecting and Mitigating WriteDacl Abuse Risks

Active Directory Discretionary Access Control Lists (DACLs) serve as a fundamental security mechanism governing access to directory...

Active Directory Security: Detecting and Mitigating WriteOwner Permission Abuse

News

Active Directory Security: Detecting and Mitigating WriteOwner Permission Abuse

Misconfigured WriteOwner permissions in Active Directory can enable attackers to take ownership of critical objects, bypass security...

Credential Dumping via Active Directory User Comments: Risks and Mitigations

News

Credential Dumping via Active Directory User Comments: Risks and Mitigations

Active Directory (AD) credential dumping remains a significant threat, with attackers increasingly exploiting overlooked attributes like user...

Shadow Credentials Attack: Exploiting Active Directory for Stealthy Privilege Escalation

Blue-Team

Shadow Credentials Attack: Exploiting Active Directory for Stealthy Privilege Escalation

A Shadow Credentials attack is an advanced exploitation technique targeting Active Directory Certificate Services (AD CS), enabling...

New Mirai Botnet Variant Targets Comtrend Router Vulnerability (CVE-2020-10173)

Threat Intelligence

New Mirai Botnet Variant Targets Comtrend Router Vulnerability (CVE-2020-10173)

A newly identified Mirai botnet variant (IoT.Linux.MIRAI.VWISI) has begun exploiting CVE-2020-10173, a command injection vulnerability in Comtrend...

Trojan.Win64.HAFNIUM.A: Technical Analysis of the Microsoft Exchange Server Threat

Threat Intelligence

Trojan.Win64.HAFNIUM.A: Technical Analysis of the Microsoft Exchange Server Threat

The Trojan.Win64.HAFNIUM.A malware represents a sophisticated threat targeting Microsoft Exchange servers, initially attributed to the Chinese state-sponsored...

Understanding Trojan.Win32.CVE20188120.E: A Windows Privilege Escalation Threat

CVE News

Understanding Trojan.Win32.CVE20188120.E: A Windows Privilege Escalation Threat

The Trojan.Win32.CVE20188120.E malware represents a persistent threat leveraging CVE-2018-8120, a privilege escalation vulnerability in Windows systems. This...

BLACKMATTER Ransomware Technical Analysis: Understanding Ransom.Win32.BLACKMATTER.THGOCBA

Malware Analysis

BLACKMATTER Ransomware Technical Analysis: Understanding Ransom.Win32.BLACKMATTER.THGOCBA

The ransomware strain Ransom.Win32.BLACKMATTER.THGOCBA presents a moderate-risk threat with significant operational impact potential, primarily targeting Windows environments....

Critical Authentication Flaws in Microsoft Azure Private 5G Core Expose Networks to Disruption

CVE News

Critical Authentication Flaws in Microsoft Azure Private 5G Core Expose Networks to Disruption

Two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC) have been identified and patched, according to...

NetApp SnapCenter Privilege Escalation Vulnerability Patched (NCSC-2025-0097)

CVE News

NetApp SnapCenter Privilege Escalation Vulnerability Patched (NCSC-2025-0097)

NetApp has resolved a critical privilege escalation vulnerability (NCSC-2025-0097) in its SnapCenter backup management platform, which could...

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-24514) Exposes Clusters to RCE & Secret Theft

CVE News

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-24514) Exposes Clusters to RCE & Secret Theft

A newly disclosed high-severity vulnerability (CVE-2025-24514) in Kubernetes’ ingress-nginx controller enables attackers to execute arbitrary code and...

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2732): What Security Teams Need to Know

CVE News

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2732): What Security Teams Need to Know

A critical security vulnerability affecting multiple H3C Magic series routers has been identified, allowing remote attackers to...

Extrude: Open-Source Binary Analysis Tool for Security Teams

News

Extrude: Open-Source Binary Analysis Tool for Security Teams

Security teams now have access to a powerful new open-source tool for analyzing binary security posture. Extrude...

Posts pagination

Previous 1 … 6 7 8 9 10 Next

Vulnerability Management

Critical SQL Injection Vulnerability Discovered in Shinetheme Traveler (CVE-2025-26898)

Exim Use-After-Free Vulnerability (CVE-2025-30232) Poses Privilege Escalation Risk

Dell Unity Open Redirect Vulnerability (CVE-2025-24381): Risks and Mitigation

Critical LFI Vulnerability in Kubio AI Page Builder for WordPress (CVE-2025-2294)

MORSECORP Inc. Settles $4.6 Million Cybersecurity Fraud Case with U.S. Government

Critical PostgreSQL SQLi and Palo Alto VPN Exploits Targeted in Latest Snort Rules Update (Feb 2025 Week 4)

Memory Forensics Exposes Ivanti VPN Zero-Day Exploits: A Critical Security Breakdown

Active Directory Security: Detecting and Mitigating WriteDacl Abuse Risks

Active Directory Security: Detecting and Mitigating WriteOwner Permission Abuse

Credential Dumping via Active Directory User Comments: Risks and Mitigations

Shadow Credentials Attack: Exploiting Active Directory for Stealthy Privilege Escalation

New Mirai Botnet Variant Targets Comtrend Router Vulnerability (CVE-2020-10173)

Trojan.Win64.HAFNIUM.A: Technical Analysis of the Microsoft Exchange Server Threat

Understanding Trojan.Win32.CVE20188120.E: A Windows Privilege Escalation Threat

BLACKMATTER Ransomware Technical Analysis: Understanding Ransom.Win32.BLACKMATTER.THGOCBA

Critical Authentication Flaws in Microsoft Azure Private 5G Core Expose Networks to Disruption

NetApp SnapCenter Privilege Escalation Vulnerability Patched (NCSC-2025-0097)

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-24514) Exposes Clusters to RCE & Secret Theft

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2732): What Security Teams Need to Know

Extrude: Open-Source Binary Analysis Tool for Security Teams

You may have missed

OpenAI’s $3 Billion Windsurf Acquisition: Strategic Shift Toward AI-Driven Developer Tools

Apple’s AI Partnership with Alibaba Sparks U.S. National Security Concerns

Meta’s Antitrust Battle: Examining the FTC’s Monopoly Allegations

Procolored Printer Drivers Distributed Malware for Six Months: Technical Analysis and Mitigation