Hackers successfully exploited recently discovered vulnerabilities in local Microsoft SharePoint servers, resulting in the leakage of personal data in the United Kingdom. Within days of the flaws being disclosed, three British organizations reported breaches...
Popular browser extensions used for password management have been found vulnerable to a novel attack technique known as DOM-based extension clickjacking. The method was unveiled by independent researcher Marek Tot at DEF CON 33....
Apple has released critical security updates for iOS, iPadOS, and macOS addressing a newly discovered zero-day vulnerability already being actively exploited in the wild. Tracked as CVE-2025-43300, the flaw affects the ImageIO framework and...
Experts at Red Canary have uncovered an unusual campaign leveraging a newly identified strain of malware, DripDropper, specifically targeting cloud-based Linux servers. The attackers gained initial access through CVE-2023-46604 in Apache ActiveMQ, after which...
A serious incident was recently uncovered on Lenovo’s website involving its corporate chatbot, Lena, designed to assist customers. Cybernews researchers revealed that Lena was vulnerable to an XSS-based attack chain, enabling attackers—through nothing more...
A team of researchers has unveiled a new framework, SNI5GECT, which exposes vulnerabilities in fifth-generation mobile networks at the very earliest stages of connection establishment. Unlike attacks that rely on counterfeit base stations—complex to...
Researchers at Cymulate Research Labs have disclosed a new vulnerability in Windows that allows attackers to bypass Microsoft’s recent patch and once again exfiltrate NTLM hashes without any user interaction. The flaw, tracked as...
Cisco has issued an advisory regarding a critical vulnerability in the RADIUS subsystem of its Secure Firewall Management Center software. Tracked as CVE-2025-20265, the flaw has received the maximum CVSS score of 10.0. It...
Zoom has patched a critical vulnerability in its Windows clients, while Xerox has issued fixes for severe flaws in its FreeFlow Core system. Both issues posed significant threats—ranging from privilege escalation to remote code...
The Trustwave SpiderLabs research team has documented a fresh wave of EncryptHub attacks, in which the human element and the exploitation of a Microsoft Management Console (MMC) vulnerability converge into a single, cohesive campaign....
A newly discovered attack on the HTTP/2 protocol, dubbed MadeYouReset, has been unveiled by researchers from Tel Aviv University and disclosed following coordinated reporting through Akamai’s bug bounty program. Although Akamai’s own HTTP/2 implementation...
Fortinet has disclosed a critical vulnerability in its FortiSIEM system, already accompanied by a working exploit circulating publicly. The flaw enables a remote, unauthenticated attacker to execute arbitrary commands on the targeted system, making...
The Matrix Foundation, the organization behind the eponymous federated communication protocol, has announced the release of an unscheduled update addressing two high-severity vulnerabilities which, if successfully exploited, could have had critical consequences. According to...
Security experts at SafeBreach have disclosed the details of a vulnerability in the Windows Remote Procedure Call (RPC) protocol, patched by Microsoft in the July 2025 security update. Tracked as CVE-2025-49760 with a CVSS...
A vulnerability was discovered in the online access system for auto dealers of one of the world’s largest car manufacturers—uncovered simply by examining the page’s code. Security researcher Eitan Zwer of Harness reported that...
A recently patched vulnerability in WinRAR, identified as CVE-2025-8088, was exploited in targeted phishing attacks even before a fix became available. The flaw, classified as a Directory Traversal vulnerability and addressed only in WinRAR...
