Researchers at Tenable have disclosed three vulnerabilities in Google’s Gemini AI, flaws that enabled data theft and remote exploitation. Collectively dubbed the “Gemini Trifecta,” these issues affected distinct modules of the assistant. The first...
More than 48,000 Cisco ASA and Firepower Threat Defense (FTD) firewalls remain unprotected against two critical vulnerabilities that are already being actively exploited. Tracked as CVE-2025-20333 and CVE-2025-20362, these flaws allow remote code execution...
A team of researchers has developed a simple hardware tool that calls into question the very foundations of trusted computing in modern cloud environments. With a device costing less than fifty dollars, they successfully...
Broadcom has patched a critical privilege escalation vulnerability in VMware Aria Operations and VMware Tools, which had been actively exploited as a zero-day since October 2024. The flaw, tracked as CVE-2025-41244, was not initially...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in the widely used Sudo utility—employed across Linux and Unix-like systems—to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-32463 and...
Specialists have disclosed a new critical vulnerability in the wireless network configuration procedure of Unitree robots. The flaw, dubbed UniPwn, was detailed on September 20 and affects the quadruped models Go2 and B2, as...
The world’s leading cybersecurity agencies have issued urgent warnings of a critical threat to global network infrastructure: vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower systems are under heavy, coordinated attack. The alarm...
Researchers from WatchTowr Labs have reported active exploitation of a critical vulnerability in Fortra’s GoAnywhere MFT file transfer management system. Tracked as CVE-2025-10035, the flaw stems from a deserialization bug in the License Servlet...
Researcher Nicholas Zubriski of Trend Research has disclosed a critical flaw in the ksmbd component of the Linux kernel, enabling attackers to remotely execute arbitrary code with the highest system privileges. The vulnerability, tracked...
Supermicro server motherboards contain critical vulnerabilities in their Baseboard Management Controller (BMC): researchers at Binarly discovered a way to install malicious firmware that executes before the operating system and is effectively irreversible. Reportedly, one...
A critical vulnerability, CVE-2025-10184, has been identified in the OxygenOS operating system used on OnePlus smartphones, allowing any application on the device to read the contents of SMS messages and related metadata without requesting...
Cisco has released security updates addressing a zero-day in IOS and IOS XE that is already being exploited in the wild. CVE-2025-20352 is a stack-based buffer-overflow in the SNMP subsystem that affects any device...
