Researchers at Oligo Security have uncovered a vulnerability in Apple CarPlay that enables remote code execution with root privileges, granting attackers full control over a vehicle’s multimedia system. The flaw, registered as CVE-2025-24132, resides...
U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) demanding an investigation into Microsoft, accusing the company of “gross negligence” in the field of cybersecurity. The concern stems from...
In August 2024, SonicWall issued security advisory SNWLID-2024-0015, disclosing an improper access control vulnerability in SSLVPN across Gen5, Gen6, and Gen7 devices. The flaw enabled attackers to bypass restrictions and gain access under specific...
Experts at Oasis Security have reported a vulnerability in the Cursor code editor that enables arbitrary tasks to be executed upon opening a repository. The issue arises because, unlike Visual Studio Code, Cursor has...
Microsoft has issued a warning about two flaws in Windows BitLocker that could allow a local attacker—or malware already running on a machine—to escalate privileges and seize control of the system. Both defects are...
Millions of individuals and organizations entrust Google Drive with the storage of contracts, reports, photographs, and work documents, relying on the Windows desktop client to synchronize files between local folders and the cloud. Yet...
In its September Patch Tuesday release, Microsoft delivered a sweeping package of updates, addressing 81 vulnerabilities across its products and services. Among them were nine critical flaws, including two zero-day vulnerabilities, which drew the...
An independent researcher named Alexander Popov has unveiled a novel exploitation technique for a critical Linux kernel vulnerability, identified as CVE-2024-50264. This use-after-free flaw in the AF_VSOCK subsystem has existed since kernel version 4.8...
A newly disclosed vulnerability in the HTTP/2 protocol, dubbed MadeYouReset (CVE-2025-8671), was revealed on August 13, 2025. The flaw allows an attacker to send specially crafted protocol frames that force the server to repeatedly...
A critical vulnerability has been identified in Apache Jackrabbit, exposing systems to remote code execution and the potential compromise of corporate infrastructure. Tracked as CVE-2025-58782, the flaw impacts two key components — Jackrabbit Core...