A critical vulnerability has been discovered in the Cursor source code editor, an AI-powered tool designed to assist programmers. The flaw, identified as CVE-2025-54135 and dubbed CurXecute, affects nearly all versions of the IDE...
In the autumn of 2024, the InfoSect bug hunting team prepared a remote code execution attack targeting the Synology TC500 IP camera for entry in the Pwn2Own Ireland competition. The exploitation hinged on a...
A critical vulnerability has been discovered in the widely used WordPress theme “Alone — Charity Multipurpose Non-profit”, which is already being exploited by malicious actors to compromise websites. Tracked as CVE-2025-5394, the flaw has...
Researchers at Bitdefender have disclosed two critical vulnerabilities in the firmware of Dahua smart surveillance cameras. These flaws, rooted in the ONVIF protocol implementation and the file upload mechanism, enable attackers to gain full...
A critical vulnerability has been discovered in Google’s newly released command-line interface tool, Gemini CLI, which could allow attackers to covertly execute malicious commands and exfiltrate data from developers’ machines—provided certain commands are permitted...
In mid-July, cybersecurity experts at Kaspersky Lab reported a widespread campaign targeting on-premises Microsoft SharePoint servers across the globe. The exploit chain, dubbed ToolShell, enables attackers to gain full control over vulnerable systems by...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in the widely used print management software, PaperCut NG and MF. The flaw,...
Smart devices within a network are no longer mere assistants — they are potential adversaries. With every internet-connected thermostat or television, a new fissure emerges in the digital infrastructure. This truth is underscored by...
Microsoft has acknowledged that its July security updates failed to fully address vulnerabilities in on-premises versions of SharePoint, leaving systems susceptible to remote code execution. As a result, targeted attacks have continued, with experts...
Researchers have uncovered a stealthy backdoor within WordPress, cunningly disguised as a system file within the mu-plugins directory—a special location designated for must-use plugins. This strategic placement enables threat actors to establish a persistent...
On July 22, 2025, Mozilla unveiled the Firefox 141 update, a release focused on enhancing browser security. According to security bulletin MFSA 2025-56, the update addresses 18 vulnerabilities, including flaws in the JavaScript engine,...
Microsoft has confirmed that three China-linked threat groups were behind the recent wave of attacks targeting on-premises SharePoint Server installations. According to the company’s report, since early July, the vulnerabilities identified as CVE-2025-53770 and...
Recently uncovered critical vulnerabilities in Cisco’s infrastructure are already being actively exploited by malicious actors to compromise corporate networks. The company has officially confirmed that its Product Security Incident Response Team (PSIRT) has observed...
A few days ago, we reported on the critical zero-day vulnerability CVE-2025-53770 in Microsoft SharePoint Server, an enhanced iteration of the previously identified flaw CVE-2025-49706. At the time, it was known that the issue...
A critical vulnerability has been discovered in Microsoft SharePoint Server, now actively exploited as part of a widespread cyberattack campaign. The flaw, identified as CVE-2025-53770, carries a staggering severity score of 9.8 out of...
Cisco has issued an updated advisory regarding a critical vulnerability in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products. This flaw enables remote attackers to execute arbitrary code on the...
