The U.S. National Nuclear Security Administration (NNSA), a division of the Department of Energy tasked with maintaining and safeguarding the nation’s nuclear arsenal, has found itself at the center of one of the most...
On July 22, 2025, Mozilla unveiled the Firefox 141 update, a release focused on enhancing browser security. According to security bulletin MFSA 2025-56, the update addresses 18 vulnerabilities, including flaws in the JavaScript engine,...
Security researcher Sergey Bliznyuk of Positive Technologies has published a detailed analysis of critical vulnerabilities in the VGAuth component of VMware Tools, which enable a low-privileged local user to gain full SYSTEM-level access on...
Microsoft has confirmed that three China-linked threat groups were behind the recent wave of attacks targeting on-premises SharePoint Server installations. According to the company’s report, since early July, the vulnerabilities identified as CVE-2025-53770 and...
Recently uncovered critical vulnerabilities in Cisco’s infrastructure are already being actively exploited by malicious actors to compromise corporate networks. The company has officially confirmed that its Product Security Incident Response Team (PSIRT) has observed...
ExpressVPN has resolved a vulnerability in its Windows client that allowed Remote Desktop Protocol (RDP) connections to bypass the VPN tunnel, thereby exposing users’ real IP addresses. The issue affected versions 12.97 through 12.101.0.2-beta...
AI-powered programming tools are rapidly gaining popularity, and one of the most prominent—Cursor—has introduced a new YOLO mode (short for “you only live once”) that enables its agent to execute complex sequences of actions...
A few days ago, we reported on the critical zero-day vulnerability CVE-2025-53770 in Microsoft SharePoint Server, an enhanced iteration of the previously identified flaw CVE-2025-49706. At the time, it was known that the issue...
The CrushFTP service has encountered a newly discovered critical vulnerability, already being exploited in active attacks. Designated CVE-2025-54309 and assigned a CVSS severity score of 9.0, the flaw stems from improper handling of AS2...
Hewlett-Packard Enterprise has issued a critical security advisory concerning a severe vulnerability in Aruba Instant On access points. Embedded credentials have been discovered within the devices, enabling malicious actors to bypass standard authentication and...
A critical vulnerability has been discovered in Microsoft SharePoint Server, now actively exploited as part of a widespread cyberattack campaign. The flaw, identified as CVE-2025-53770, carries a staggering severity score of 9.8 out of...
Wiz, a cybersecurity firm specializing in cloud infrastructure protection, has uncovered a critical vulnerability in the NVIDIA Container Toolkit, identified as CVE-2025-23266 and rated 9.0 on the CVSS scale. Dubbed “NVIDIAScape,” the flaw poses...
Cisco has issued an updated advisory regarding a critical vulnerability in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products. This flaw enables remote attackers to execute arbitrary code on the...
A newly discovered vulnerability in Windows Server 2025—dubbed Golden dMSA—poses a grave risk of widespread compromise across entire Active Directory infrastructures, according to a technical report published by enterprise cybersecurity firm Semperis. The issue...
During the Pwn2Own Berlin 2025 competition, security researcher Manfred Paul successfully demonstrated an attack against the Mozilla Firefox browser’s rendering process by exploiting a vulnerability in the IonMonkey JIT compiler. Although he did not...
Google has announced the successful discovery of a critical vulnerability in the widely used SQLite database engine—identified and neutralized before it could be exploited in real-world attacks. The flaw was uncovered by Big Sleep,...
