Two Android vulnerabilities were actively exploited as zero-days before patches became available, according to Google’s December Android Security Bulletin. Both flaws affect the Framework component and enable data access and privilege escalation, making it...
EntraGoat is a deliberately vulnerable Microsoft Entra ID infrastructure designed to simulate real-world identity security misconfigurations and attack vectors. EntraGoat introduces intentional vulnerabilities in your environment to provide a realistic learning platform for security professionals....
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that a high-severity flaw in the Linux kernel is being actively exploited in ransomware campaigns. The vulnerability in question is CVE-2024-1086 — a use-after-free...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly discovered flaw in the Windows SMB component to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-33073, stems from an...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that a vulnerability in the Windows SMB protocol, identified as CVE-2025-33073, is already being actively exploited in real-world attacks. Classified as a...
Yesterday, Microsoft released its traditional October security update, addressing 172 vulnerabilities across its products. The patch includes six dangerous zero-day flaws and eight critical vulnerabilities — five enabling remote code execution, and three allowing...
A privilege escalation vulnerability in Microsoft Windows systems is once again being actively exploited, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned, adding the flaw to its official catalog of known exploited...
A developer operating under the handle 0xr0BIT has released a new Windows security-audit tool called TaskHound. It is designed to discover scheduled tasks that run with elevated privileges or that rely on stored credentials—assets...
Broadcom has patched a critical privilege escalation vulnerability in VMware Aria Operations and VMware Tools, which had been actively exploited as a zero-day since October 2024. The flaw, tracked as CVE-2025-41244, was not initially...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in the widely used Sudo utility—employed across Linux and Unix-like systems—to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-32463 and...
Researcher Nicholas Zubriski of Trend Research has disclosed a critical flaw in the ksmbd component of the Linux kernel, enabling attackers to remotely execute arbitrary code with the highest system privileges. The vulnerability, tracked...
Microsoft has issued a warning about two flaws in Windows BitLocker that could allow a local attacker—or malware already running on a machine—to escalate privileges and seize control of the system. Both defects are...
