A vulnerability has been unearthed within the widespread EspoCRM customer management architecture, a profound frailty that transmutes administrative access into absolute, sovereign dominion over the host server. A mere half-dozen petitions are sufficient to...
In recent days it has become apparent that FortiWeb had been accumulating issues the manufacturer chose not to disclose in advance. After Fortinet acknowledged active exploitation of the critical vulnerability CVE-2025-64446 — which allows...
Google has altered its approach to Android security updates, breaking with a decade-long tradition of monthly vulnerability disclosures. In the July 2025 bulletin, the company reported no vulnerabilities whatsoever—a first in 120 publications. Yet...
Microsoft has issued a warning about two flaws in Windows BitLocker that could allow a local attacker—or malware already running on a machine—to escalate privileges and seize control of the system. Both defects are...
NetScaler has issued an urgent advisory warning administrators of three newly discovered vulnerabilities in NetScaler ADC and NetScaler Gateway—one of which is already being actively exploited. Updates are now available, and the vendor strongly...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The list includes two flaws in Citrix Session Recording and one in Git, all...
Cisco has issued an updated advisory regarding a critical vulnerability in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products. This flaw enables remote attackers to execute arbitrary code on the...
Fortinet has released critical security updates for FortiWeb, addressing a severe vulnerability that allowed unauthenticated attackers to execute arbitrary SQL queries remotely. The flaw, tracked as CVE-2025-25257, received a CVSS score of 9.6, placing...