A privilege escalation vulnerability in Microsoft Windows systems is once again being actively exploited, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned, adding the flaw to its official catalog of known exploited...
The OpenSSH development team has announced the release of OpenSSH 10.1, marking a new stable version of the widely used secure communication suite. Build archives will soon be available on the project’s official mirrors....
Redis, one of the most widely used in-memory caching and database systems, has faced a startling revelation: a critical vulnerability had silently existed in its codebase for thirteen years. The flaw, identified as CVE-2025-49844...
The Storm-1175 group, linked to the operators behind the Medusa ransomware, has been actively exploiting a critical vulnerability in GoAnywhere MFT for nearly a month to infiltrate corporate networks. The flaw, tracked as CVE-2025-10035,...
The U.S. Army has resolved critical cybersecurity flaws in the prototype of its new Next Generation Command and Control (NGC2) system — a project regarded as a cornerstone of the military’s digital transformation. Early...
Researchers at StrikeReady uncovered a targeted campaign exploiting a zero-day in the Zimbra Collaboration Suite (ZCS) — a widely used open-source mail platform deployed by numerous governments and enterprises. Tracked as CVE-2025-27915, the flaw...
Oracle has warned of a zero-day vulnerability in E-Business Suite, designated CVE-2025-61882, that permits unauthenticated remote arbitrary code execution. The flaw is already being actively exploited by the Clop group in data-theft operations, making...
The LayerX team has disclosed the mechanics of a novel attack dubbed CometJacking, which exploits the AI-enabled Comet browser from Perplexity. Comet embeds an assistant with access to email, calendar, and other linked services;...
Researcher RyotaK of GMA Flatt Security discovered a serious vulnerability in the Unity game engine—tracked as CVE-2025-59489—which allows a co-resident application on the same device to inject additional command-line parameters into Unity games, creating...
The vulnerability rewards platform HackerOne has announced that over the past twelve months, white-hat hackers around the world have earned a total of $81 million in payouts — a 13% increase compared to the...
Google has released the stable version of Chrome 141.0.7390.54/55 for Windows, macOS, and Linux. The update will roll out over the coming days and weeks, addressing 21 security vulnerabilities of varying severity — including...
Researchers from Johns Hopkins University and several other institutions have demonstrated a novel, server-side attack against Intel SGX that achieves full extraction of the DCAP attestation key — notably using hardware costing under $1,000....
