The United States Cybersecurity and Infrastructure Security Agency (CISA) has once again augmented its repository of vulnerabilities identified in active, real-world incursions. The latest revision incorporates four distinct flaws within products from Samsung, SimpleHelp,...
A vulnerability has been unearthed within the widespread EspoCRM customer management architecture, a profound frailty that transmutes administrative access into absolute, sovereign dominion over the host server. A mere half-dozen petitions are sufficient to...
The Google Threat Intelligence Group (GTIG) has disclosed the extensive exploitation of a critical vulnerability, designated CVE-2025-8088, residing within the ubiquitous WinRAR archiving utility. Although the defect was remediated in the summer of 2025,...
A critical vulnerability has been unearthed within the ubiquitous JavaScript library jsPDF, a tool primarily utilized for the programmatic generation of PDF documents. This flaw empowers an adversary to manipulate file paths, thereby facilitating...
The ESET research team has published a detailed analysis revealing how the cyber-espionage group RomCom exploited a previously unknown path-traversal vulnerability in WinRAR (CVE-2025-8088) to stealthily install malicious software on victims’ computers. This flaw...
