vulnerability

How to Fix Azure AD Error “AADSTS700054”: Enabling ID Token Response for Applications

News

How to Fix Azure AD Error “AADSTS700054”: Enabling ID Token Response for Applications

When integrating applications with Microsoft Azure, administrators may encounter the error “AADSTS700054: response_type ‘id_token’ is not enabled...

ASCII Smuggling: The Invisible Threat Targeting Enterprise AI Systems

News

ASCII Smuggling: The Invisible Threat Targeting Enterprise AI Systems

Large Language Models (LLMs) are increasingly integrated into enterprise workflows, but a new attack vector—ASCII smuggling—exploits Unicode’s...

HotPage Adware Exploits Microsoft-Signed Driver to Target Chinese Gamers

News

HotPage Adware Exploits Microsoft-Signed Driver to Target Chinese Gamers

ESET researchers have uncovered a sophisticated adware campaign called HotPage, which abuses a vulnerable Microsoft-signed driver to...

ESET APT Activity Report Q2-Q3 2024: Key Trends in State-Sponsored Cyber Threats

APT-News

ESET APT Activity Report Q2-Q3 2024: Key Trends in State-Sponsored Cyber Threats

ESET’s latest APT Activity Report for Q2-Q3 2024 reveals significant developments in state-aligned cyber threats, with China,...

RomCom APT Exploits Firefox and Windows Zero-Days in Stealthy Cyberattacks

APT-News

RomCom APT Exploits Firefox and Windows Zero-Days in Stealthy Cyberattacks

Summary for Security Leadership The Russia-aligned RomCom APT group (also tracked as Storm-0978 or UNC2596) has been...

CVE-2024-7344: Critical UEFI Secure Boot Bypass Vulnerability Exposed

CVE News

CVE-2024-7344: Critical UEFI Secure Boot Bypass Vulnerability Exposed

Summary for CISOs: A critical vulnerability (CVE-2024-7344) in UEFI Secure Boot allows attackers to bypass security checks...

Critical Authentication Bypass in Kentico Xperience CMS (CVE-2025-2747)

CVE News

Critical Authentication Bypass in Kentico Xperience CMS (CVE-2025-2747)

A critical authentication bypass vulnerability (CVE-2025-2747) has been identified in Kentico Xperience CMS, affecting versions through 13.0.178....

CVE-2025-2683: Critical SQL Injection in PHPGurukul Bank Locker Management System

CVE News

CVE-2025-2683: Critical SQL Injection in PHPGurukul Bank Locker Management System

Summary A critical SQL injection vulnerability (CVE-2025-2683) has been discovered in PHPGurukul’s Bank Locker Management System version...

Critical Unrestricted File Upload Vulnerability in PHPGurukul eLearning System (CVE-2025-2687)

CVE News

Critical Unrestricted File Upload Vulnerability in PHPGurukul eLearning System (CVE-2025-2687)

A critical vulnerability (CVE-2025-2687) has been discovered in PHPGurukul eLearning System 1.0, affecting its Image Handler component....

Critical Yii2 Framework Vulnerability (CVE-2025-2690): Remote Code Execution Risk

CVE News

Critical Yii2 Framework Vulnerability (CVE-2025-2690): Remote Code Execution Risk

A critical deserialization vulnerability (CVE-2025-2690) has been discovered in the Yii2 PHP framework, allowing remote code execution....

ManageEngine ADSelfService Plus Session Hijacking Vulnerability Patched (CVE-2025-1723)

Blue-Team
CVE News

ManageEngine ADSelfService Plus Session Hijacking Vulnerability Patched (CVE-2025-1723)

Zoho Corporation has addressed a medium-severity authentication vulnerability (CVE-2025-1723) in ManageEngine ADSelfService Plus versions 6510 and earlier....

Critical VMware Vulnerabilities Patched: NCSC-2025-0073 Advisory on ESXi, Workstation, and Fusion Risks

CVE News

Critical VMware Vulnerabilities Patched: NCSC-2025-0073 Advisory on ESXi, Workstation, and Fusion Risks

Broadcom has addressed multiple high-severity vulnerabilities in VMware ESXi, Workstation, and Fusion products, as detailed in NCSC...

IBM Storage Products Patched for Critical Authentication Bypass and RCE Vulnerabilities

CVE News

IBM Storage Products Patched for Critical Authentication Bypass and RCE Vulnerabilities

Summary: IBM has addressed critical security vulnerabilities in its enterprise storage products, including authentication bypass (CVE-2025-0159) and...

SAP Patches Critical Vulnerabilities in Commerce, NetWeaver, and BusinessObjects Components

CVE News

SAP Patches Critical Vulnerabilities in Commerce, NetWeaver, and BusinessObjects Components

SAP has released security updates addressing multiple vulnerabilities across its software portfolio, including SAP Commerce, SAP NetWeaver,...

Critical PipeCD Vulnerability (CVE-2024-53351): Authorization Bypass Exposes Deployment Pipelines

CVE News

Critical PipeCD Vulnerability (CVE-2024-53351): Authorization Bypass Exposes Deployment Pipelines

A critical authorization bypass vulnerability (CVE-2024-53351) has been discovered in PipeCD v0.49, allowing attackers to access service...

High-Severity SQL Injection Vulnerability in Flickr Set Slideshows (CVE-2025-30590)

CVE News

High-Severity SQL Injection Vulnerability in Flickr Set Slideshows (CVE-2025-30590)

A critical SQL injection vulnerability (CVE-2025-30590) has been discovered in the Dourou Flickr set slideshows plugin, affecting...

Critical FortiOS and FortiProxy RCE Vulnerability (CVE-2023-25610): Patch Now to Prevent Remote Exploitation

CVE News

Critical FortiOS and FortiProxy RCE Vulnerability (CVE-2023-25610): Patch Now to Prevent Remote Exploitation

Summary: Fortinet has disclosed a critical buffer underwrite vulnerability (CVE-2023-25610) affecting multiple versions of FortiOS and FortiProxy,...

Hidden Threats in Microsoft 365 Backups: How Malware Lurks and Risks Reinfection

News

Hidden Threats in Microsoft 365 Backups: How Malware Lurks and Risks Reinfection

A recent study by Acronis Threat Research Unit reveals critical security gaps in Microsoft 365 backup data,...

Critical Next.js Vulnerability (CVE-2025-29927) Exposes Websites to Authorization Bypass Attacks

CVE News

Critical Next.js Vulnerability (CVE-2025-29927) Exposes Websites to Authorization Bypass Attacks

A severe security flaw in Next.js, tracked as CVE-2025-29927, allows attackers to bypass authentication and authorization checks...

Critical Microsoft Windows Vulnerabilities Patched: NCSC-2025-0078 Advisory

CVE News
Exploitation

Critical Microsoft Windows Vulnerabilities Patched: NCSC-2025-0078 Advisory

Microsoft has recently addressed a series of critical vulnerabilities in its Windows operating system, as highlighted in...

Posts pagination

Previous 1 … 15 16 17 18 19 20 Next

vulnerability

How to Fix Azure AD Error “AADSTS700054”: Enabling ID Token Response for Applications

ASCII Smuggling: The Invisible Threat Targeting Enterprise AI Systems

HotPage Adware Exploits Microsoft-Signed Driver to Target Chinese Gamers

ESET APT Activity Report Q2-Q3 2024: Key Trends in State-Sponsored Cyber Threats

RomCom APT Exploits Firefox and Windows Zero-Days in Stealthy Cyberattacks

CVE-2024-7344: Critical UEFI Secure Boot Bypass Vulnerability Exposed

Critical Authentication Bypass in Kentico Xperience CMS (CVE-2025-2747)

CVE-2025-2683: Critical SQL Injection in PHPGurukul Bank Locker Management System

Critical Unrestricted File Upload Vulnerability in PHPGurukul eLearning System (CVE-2025-2687)

Critical Yii2 Framework Vulnerability (CVE-2025-2690): Remote Code Execution Risk

ManageEngine ADSelfService Plus Session Hijacking Vulnerability Patched (CVE-2025-1723)

Critical VMware Vulnerabilities Patched: NCSC-2025-0073 Advisory on ESXi, Workstation, and Fusion Risks

IBM Storage Products Patched for Critical Authentication Bypass and RCE Vulnerabilities

SAP Patches Critical Vulnerabilities in Commerce, NetWeaver, and BusinessObjects Components

Critical PipeCD Vulnerability (CVE-2024-53351): Authorization Bypass Exposes Deployment Pipelines

High-Severity SQL Injection Vulnerability in Flickr Set Slideshows (CVE-2025-30590)

Critical FortiOS and FortiProxy RCE Vulnerability (CVE-2023-25610): Patch Now to Prevent Remote Exploitation

Critical Next.js Vulnerability (CVE-2025-29927) Exposes Websites to Authorization Bypass Attacks

Critical Microsoft Windows Vulnerabilities Patched: NCSC-2025-0078 Advisory

You may have missed

U.S. Sanctions Grinex Crypto-Exchange as Garantex Successor in Crackdown on Ransomware Money Laundering

Meta’s Erroneous Instagram Account Bans: Technical Implications for Security Teams

Supreme Court’s Decision on Mississippi Social Media Age Verification Law: Technical and Legal Implications

Microsoft Resolves Critical Windows Server Cluster and VM Stability Issues