In August 2024, SonicWall issued security advisory SNWLID-2024-0015, disclosing an improper access control vulnerability in SSLVPN across Gen5, Gen6, and Gen7 devices. The flaw enabled attackers to bypass restrictions and gain access under specific...
Experts at Oasis Security have reported a vulnerability in the Cursor code editor that enables arbitrary tasks to be executed upon opening a repository. The issue arises because, unlike Visual Studio Code, Cursor has...
Microsoft has issued a warning about two flaws in Windows BitLocker that could allow a local attacker—or malware already running on a machine—to escalate privileges and seize control of the system. Both defects are...
Millions of individuals and organizations entrust Google Drive with the storage of contracts, reports, photographs, and work documents, relying on the Windows desktop client to synchronize files between local folders and the cloud. Yet...
In its September Patch Tuesday release, Microsoft delivered a sweeping package of updates, addressing 81 vulnerabilities across its products and services. Among them were nine critical flaws, including two zero-day vulnerabilities, which drew the...
An independent researcher named Alexander Popov has unveiled a novel exploitation technique for a critical Linux kernel vulnerability, identified as CVE-2024-50264. This use-after-free flaw in the AF_VSOCK subsystem has existed since kernel version 4.8...
A newly disclosed vulnerability in the HTTP/2 protocol, dubbed MadeYouReset (CVE-2025-8671), was revealed on August 13, 2025. The flaw allows an attacker to send specially crafted protocol frames that force the server to repeatedly...
A critical vulnerability has been identified in Apache Jackrabbit, exposing systems to remote code execution and the potential compromise of corporate infrastructure. Tracked as CVE-2025-58782, the flaw impacts two key components — Jackrabbit Core...
Two security researchers, operating under the pseudonyms BobDaHacker and BobTheShoplifter, have claimed to uncover “catastrophic” vulnerabilities in the systems of Restaurant Brands International (RBI)—the parent company of Burger King, Tim Hortons, and Popeyes, which...
A critical vulnerability, CVE-2025-42957, has been identified in SAP S/4HANA, carrying a near-maximum CVSS score of 9.9. The flaw enables users with only minimal privileges to execute arbitrary code, effectively granting them full control...
On August 20, Apple released an unscheduled security update for all major platforms—iOS, iPadOS, macOS, and others. The patch addresses CVE-2025-43300, a buffer overflow vulnerability in the ImageIO framework, by enforcing stricter boundary checks...
PortSwigger researcher Gareth Hayes has unveiled a novel technique for stealing data directly from HTML attributes using inline CSS, without relying on selectors or external style sheets. The discovery was made possible by the...
