vulnerability

Microsoft August 2025 Patch Tuesday: Zero-Day in Windows Kerberos Among 107 Flaws

CVE News

Microsoft August 2025 Patch Tuesday: Zero-Day in Windows Kerberos Among 107 Flaws

Microsoft’s August 2025 Patch Tuesday addresses 107 security vulnerabilities, including one actively exploited zero-day in Windows Kerberos....

Over 3,000 NetScaler Devices Remain Unpatched Against CitrixBleed 2 Vulnerability

CVE News

Over 3,000 NetScaler Devices Remain Unpatched Against CitrixBleed 2 Vulnerability

As of August 2025, more than 3,300 Citrix NetScaler devices remain vulnerable to CitrixBleed 2 (CVE-2025-5777), a...

The Evolution and Security Implications of QR Codes

News

The Evolution and Security Implications of QR Codes

QR codes have become ubiquitous in modern life, appearing on everything from product packaging to payment terminals....

WinRAR Zero-Day Exploited in Phishing Attacks to Deploy RomCom Malware

CVE News

WinRAR Zero-Day Exploited in Phishing Attacks to Deploy RomCom Malware

A critical WinRAR vulnerability, tracked as CVE-2025-8088, was actively exploited as a zero-day in phishing campaigns to...

Microsoft 365 to Block Insecure FPRPC Protocol by Default: Security Implications and Configuration Guide

Blue-Team

Microsoft 365 to Block Insecure FPRPC Protocol by Default: Security Implications and Configuration Guide

Microsoft has announced a significant security update affecting Microsoft 365 applications on Windows platforms. Starting late August...

Autoswagger: Open-Source Tool Detects API Authorization Flaws Before Attackers Do

Security Tools & Research

Autoswagger: Open-Source Tool Detects API Authorization Flaws Before Attackers Do

Exposed API documentation has become a prime target for threat actors, providing a clear blueprint of system...

Age Verification on Porn Sites: Security and Privacy Implications

Cyber Laws & Regulations

Age Verification on Porn Sites: Security and Privacy Implications

Starting July 25, 2025, all pornography websites in the UK must implement government-approved age verification methods under...

Hardening Active Directory Against Kerberoasting Attacks

Blue-Team

Hardening Active Directory Against Kerberoasting Attacks

Kerberoasting remains a persistent threat to Active Directory (AD) environments, allowing attackers to crack service account passwords...

CrushFTP Zero-Day Exploited for Unauthenticated Admin Access: Technical Breakdown

CVE News

CrushFTP Zero-Day Exploited for Unauthenticated Admin Access: Technical Breakdown

Administrators and security teams are urged to patch CrushFTP servers immediately following active exploitation of a critical...

Arch Linux Removes Malicious AUR Packages Distributing Chaos RAT

Malware Analysis

Arch Linux Removes Malicious AUR Packages Distributing Chaos RAT

Arch Linux has removed three compromised packages from its Arch User Repository (AUR) after discovering they contained...

Microsoft Retracts False Fix Claim for Windows Firewall Logging Bug

Blue-Team

Microsoft Retracts False Fix Claim for Windows Firewall Logging Bug

Microsoft has acknowledged mislabeling a Windows Firewall logging issue as resolved in recent updates, confirming the problem...

WeTransfer Clarifies AI Data Usage Policy Following User Backlash

News

WeTransfer Clarifies AI Data Usage Policy Following User Backlash

WeTransfer, the popular file-sharing service, has clarified that user-uploaded files are not used to train artificial intelligence...

UK NCSC Launches Vulnerability Research Initiative to Engage External Security Experts

Threat Intelligence

UK NCSC Launches Vulnerability Research Initiative to Engage External Security Experts

The UK’s National Cyber Security Centre (NCSC) has announced a new Vulnerability Research Initiative (VRI) designed to...

Gigabyte Motherboard UEFI Vulnerabilities Expose Systems to Persistent Bootkit Malware

CVE News

Gigabyte Motherboard UEFI Vulnerabilities Expose Systems to Persistent Bootkit Malware

Security researchers have identified critical vulnerabilities in Gigabyte motherboards that allow attackers to bypass Secure Boot and...

McDonald’s AI Hiring Chatbot Exposes 64 Million Applicants’ Data via Default Credentials

Data Breach

McDonald’s AI Hiring Chatbot Exposes 64 Million Applicants’ Data via Default Credentials

McDonald’s AI-powered hiring chatbot, “Olivia,” developed by Paradox.ai, exposed the personal data of over 64 million job...

Critical Pre-Auth RCE Exploit Released for Fortinet FortiWeb: Patch Immediately

CVE News

Critical Pre-Auth RCE Exploit Released for Fortinet FortiWeb: Patch Immediately

Proof-of-concept (PoC) exploits for a critical SQL injection (SQLi) vulnerability in Fortinet FortiWeb have been publicly released,...

Gravity Forms Compromised in Supply-Chain Attack: Backdoored Plugins Distributed via Official Website

CVE News

Gravity Forms Compromised in Supply-Chain Attack: Backdoored Plugins Distributed via Official Website

The developers of Gravity Forms, a widely used WordPress plugin with over 1 million active installations, have...

NVIDIA’s GDDR6 Rowhammer Mitigation Guidance: Technical Analysis and Industry Implications

Red-Team

NVIDIA’s GDDR6 Rowhammer Mitigation Guidance: Technical Analysis and Industry Implications

NVIDIA has issued guidance urging users to enable System Level Error-Correcting Code (ECC) protections for GDDR6-equipped GPUs...

OpenVSX Zero-Day Vulnerability: How a Single Flaw Threatened Millions of Developer Environments

CVE News

OpenVSX Zero-Day Vulnerability: How a Single Flaw Threatened Millions of Developer Environments

A critical vulnerability in OpenVSX, the open-source extension marketplace used by popular VS Code forks like Cursor...

Windows 11’s Shift to JScript9Legacy: Security Gains and Compatibility Trade-offs

News

Windows 11’s Shift to JScript9Legacy: Security Gains and Compatibility Trade-offs

Microsoft has replaced the legacy JScript engine with JScript9Legacy in Windows 11 version 24H2 and later, marking...

Posts pagination

Previous 1 2 3 4 5 6 7 8 … 24 Next

vulnerability

Microsoft August 2025 Patch Tuesday: Zero-Day in Windows Kerberos Among 107 Flaws

Over 3,000 NetScaler Devices Remain Unpatched Against CitrixBleed 2 Vulnerability

The Evolution and Security Implications of QR Codes

WinRAR Zero-Day Exploited in Phishing Attacks to Deploy RomCom Malware

Microsoft 365 to Block Insecure FPRPC Protocol by Default: Security Implications and Configuration Guide

Autoswagger: Open-Source Tool Detects API Authorization Flaws Before Attackers Do

Age Verification on Porn Sites: Security and Privacy Implications

Hardening Active Directory Against Kerberoasting Attacks

CrushFTP Zero-Day Exploited for Unauthenticated Admin Access: Technical Breakdown

Arch Linux Removes Malicious AUR Packages Distributing Chaos RAT

Microsoft Retracts False Fix Claim for Windows Firewall Logging Bug

WeTransfer Clarifies AI Data Usage Policy Following User Backlash

UK NCSC Launches Vulnerability Research Initiative to Engage External Security Experts

Gigabyte Motherboard UEFI Vulnerabilities Expose Systems to Persistent Bootkit Malware

McDonald’s AI Hiring Chatbot Exposes 64 Million Applicants’ Data via Default Credentials

Critical Pre-Auth RCE Exploit Released for Fortinet FortiWeb: Patch Immediately

Gravity Forms Compromised in Supply-Chain Attack: Backdoored Plugins Distributed via Official Website

NVIDIA’s GDDR6 Rowhammer Mitigation Guidance: Technical Analysis and Industry Implications

OpenVSX Zero-Day Vulnerability: How a Single Flaw Threatened Millions of Developer Environments

Windows 11’s Shift to JScript9Legacy: Security Gains and Compatibility Trade-offs

You may have missed

Dark Web Data Exposure: Technical Analysis and Response for Security Professionals

Misinformation as a Threat Vector: Lessons from the Brown University Shooting Investigation

Google’s Gmail Address Change: A New Vector for Account Takeover and Social Engineering

The AI Investment Surge in India: A Strategic Analysis for Security Leaders