An independent researcher named Alexander Popov has unveiled a novel exploitation technique for a critical Linux kernel vulnerability, identified as CVE-2024-50264. This use-after-free flaw in the AF_VSOCK subsystem has existed since kernel version 4.8...
At DEF CON 2025, researchers from Akamai unveiled a study on a critical vulnerability in Windows Server 2025 known as BadSuccessor (CVE-2025-53779), which allows low-privileged users to instantly escalate their access to Domain Admin....
Researchers at Resecurity have drawn attention to an exceptionally dangerous attack that enables adversaries to seize full control over an organization’s Active Directory domain infrastructure—all while exploiting default Windows configurations. The technique combines MITM6,...
Researchers at Cymulate Research Labs have disclosed a new vulnerability in Windows that allows attackers to bypass Microsoft’s recent patch and once again exfiltrate NTLM hashes without any user interaction. The flaw, tracked as...
Microsoft has introduced a new mechanism known as Nested App Authentication (NAA), which is steadily becoming a key component of the company’s cloud ecosystem. The concept is straightforward: if a user has already signed...
Zoom has patched a critical vulnerability in its Windows clients, while Xerox has issued fixes for severe flaws in its FreeFlow Core system. Both issues posed significant threats—ranging from privilege escalation to remote code...
Microsoft, in coordination with federal agencies, has issued a warning about a newly discovered, high-severity vulnerability in hybrid Exchange Server deployments that could allow an attacker with existing access to an on-premises server to...
At the Black Hat USA conference in Las Vegas, Naor Haziz, a researcher at Sweet Security, unveiled an attack dubbed ECScape, capable of completely undermining the trust-based security model of Amazon ECS. The vulnerability...
Microsoft has announced sweeping enhancements to its vulnerability rewards program for the .NET platform, significantly broadening its scope and increasing compensation for valid discoveries. Security researchers can now earn up to $40,000 for critical...
Researchers at Binarly have uncovered six critical vulnerabilities in BIOS firmware developed by Insyde Software and deployed in Lenovo desktop systems, particularly within the IdeaCentre AIO 3 and Yoga AIO product lines. All of...
ArmouryLoader has once again captured the attention of cybersecurity experts, emerging as one of the most technically sophisticated malware loaders in recent memory. Its architecture reflects a mature approach to evading defenses, employing stealthy...
Security researcher Sergey Bliznyuk of Positive Technologies has published a detailed analysis of critical vulnerabilities in the VGAuth component of VMware Tools, which enable a low-privileged local user to gain full SYSTEM-level access on...
