A new vulnerability has been discovered in OpenSSH — CVE-2025-61984 — which permits remote code execution (RCE) by abusing the ProxyCommand parameter and peculiarities in shell character handling. Exploitation is possible even in the...
The popular design tool Figma has faced a potential security threat due to a vulnerability in the Model Context Protocol (MCP) server, the framework underpinning its integration with AI-driven agents. The issue, discovered in...
Oracle has warned of a zero-day vulnerability in E-Business Suite, designated CVE-2025-61882, that permits unauthenticated remote arbitrary code execution. The flaw is already being actively exploited by the Clop group in data-theft operations, making...
Researcher RyotaK of GMA Flatt Security discovered a serious vulnerability in the Unity game engine—tracked as CVE-2025-59489—which allows a co-resident application on the same device to inject additional command-line parameters into Unity games, creating...
More than 48,000 Cisco ASA and Firepower Threat Defense (FTD) firewalls remain unprotected against two critical vulnerabilities that are already being actively exploited. Tracked as CVE-2025-20333 and CVE-2025-20362, these flaws allow remote code execution...
Researcher Nicholas Zubriski of Trend Research has disclosed a critical flaw in the ksmbd component of the Linux kernel, enabling attackers to remotely execute arbitrary code with the highest system privileges. The vulnerability, tracked...
Researchers from the ByteRay team have disclosed a critical vulnerability in TP-Link routers that enables remote execution of arbitrary code by bypassing Address Space Layout Randomization (ASLR). Tracked as CVE-2025-9961 (CVSS score: 8.6), the...
Penelope is a powerful shell handler built as a modern netcat replacement for RCE exploitation, aiming to simplify, accelerate, and optimize post-exploitation workflows. Features Session Features Description Unix with Python>=2.3 Unix without Python>=2.3 Windows...
Sangoma has issued an urgent alert regarding an actively exploited zero-day vulnerability in FreePBX installations where the Administrator Control Panel (ACP) is exposed to the internet. FreePBX, an open-source IP-PBX built on Asterisk, is...
A newly discovered critical vulnerability in Docker Desktop has placed Windows users at significant risk. Tracked as CVE-2025-9074 and rated 9.3 out of 10 on the CVSS scale, the flaw enables attackers to bypass...
Since the introduction of serialization through the Marshal module in the Ruby programming language, developers and security experts have been drawn into a protracted game of “bypass and patch.” The history of these vulnerabilities...
Cisco has issued an advisory regarding a critical vulnerability in the RADIUS subsystem of its Secure Firewall Management Center software. Tracked as CVE-2025-20265, the flaw has received the maximum CVSS score of 10.0. It...
