flaws

June 27, 2025

Pre-Auth Flaw in MongoDB Server Allows Attackers to Cause DoS

A critical pre-authentication vulnerability (CVE-2025-6709) in MongoDB Server enables unauthenticated attackers to trigger denial-of-service (DoS) conditions by exploiting improper input…
Read More »
June 26, 2025

CISA Issues Alert on ControlID iDSecure Flaws Enabling Bypass Authentication

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding critical vulnerabilities in ControlID’s iDSecure On-premises software,…
Read More »
June 23, 2025

Amazon EKS Flaws Expose AWS Credentials and Enable Privilege Escalation

Recent research has uncovered critical security flaws in Amazon Elastic Kubernetes Service (EKS) that could expose sensitive AWS credentials and…
Read More »
June 22, 2025

Mattermost Vulnerabilities Let Attackers Execute Remote Code Via Path Traversal

Mattermost, a widely-used open-source collaboration platform, has recently disclosed critical vulnerabilities in its software that could allow attackers to execute…
Read More »
June 21, 2025

Prometei Botnet Targets Linux Servers for Cryptocurrency Mining Operations

Unit 42 researchers from Palo Alto Networks have identified a renewed wave of attacks by the Prometei botnet, specifically targeting…
Read More »
June 20, 2025

Hackers Target 700+ ComfyUI AI Image Generation Servers to Spread Malware

China’s National Cybersecurity Notification Center has issued an urgent warning about critical vulnerabilities in ComfyUI, a widely used image-generation framework…
Read More »
June 18, 2025

Veeam Vulnerabilities Expose Backup Servers to Remote Attacks

Veeam, a leading provider of data protection and backup solutions, disclosed three critical vulnerabilities affecting its widely deployed backup software.…
Read More »
June 17, 2025

Apache Tomcat Flaws Allow Auth Bypass and DoS Attacks

The Apache Software Foundation has released critical security updates to address four newly discovered vulnerabilities in Apache Tomcat, one of…
Read More »
June 14, 2025

Microsoft Defender Spoofing Flaw Enables Privilege Escalation and AD Access

A newly disclosed spoofing vulnerability (CVE-2025-26685) in Microsoft Defender for Identity (MDI) enables unauthenticated attackers to capture Net-NTLM hashes of…
Read More »
June 11, 2025

Multiple Microsoft Office Vulnerabilities Enable Remote Code Execution by Attackers

Microsoft has disclosed four critical remote code execution (RCE) vulnerabilities in its Office suite as part of the June 2025…
Read More »
June 11, 2025

Microsoft Patch Tuesday June 2025 – 66 Vulnerabilities Patched Including 2 Zero-Day

Microsoft has released its June 2025 Patch Tuesday security updates, addressing a total of 66 vulnerabilities across its software ecosystem.…
Read More »
May 30, 2025

MICI NetFax Server Flaws Allow Attackers to Execute Remote Code

In a recent security advisory, Rapid7 has disclosed three severe vulnerabilities in MICI Network Co., Ltd’s NetFax Server, affecting all…
Read More »
May 29, 2025

UTG-Q-015 Hackers Launch Massive Brute-Force Attacks on Government Web Servers

The hacker group UTG-Q-015, first identified in December 2024 for mounting attacks on major websites like CSDN, has escalated its…
Read More »
May 26, 2025

Severe vBulletin Flaw Allows Remote Code Execution by Attackers

A newly discovered vulnerability in vBulletin, one of the world’s most popular commercial forum platforms, has highlighted the dangers of…
Read More »
May 24, 2025

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier.…
Read More »
May 23, 2025

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt DNS infrastructure, manipulate Non-Human Identity…
Read More »
May 22, 2025

CefSharp Enumeration Tool Identifies Critical Security Issues in .NET Desktop Applications

Cybersecurity researchers and red teamers, a newly released tool named CefEnum is shedding light on critical security flaws in .NET-based…
Read More »
May 22, 2025

Versa Concerto 0-Day Flaw Enables Remote Code Execution by Bypassing Authentication

Security researchers have uncovered multiple critical vulnerabilities in Versa Concerto, a widely deployed network security and SD-WAN orchestration platform used…
Read More »
May 16, 2025

Jenkins Released Security Updates – Multiple Vulnerabilities Fixed That Allow Attackers to Exploit CI/CD Pipelines

Jenkins, the widely used automation server for CI/CD pipelines, has released a critical security advisory addressing several vulnerabilities in popular…
Read More »
May 14, 2025

Microsoft Patch Tuesday May 2025 Released With the Fixes for 72 Flaws With 5 Actively Exploited 0-Day

CVE Number CVE Title Impact Max Severity CVE-2025-29966 Remote Desktop Client Remote Code Execution Vulnerability Remote Code Execution Critical CVE-2025-29967…
Read More »

Previous page Next page