patches

2 days ago

Amazon Cloud Cam Flaw Allows Attackers to Intercept and Modify Network Traffic

A critical vulnerability (CVE-2025-6031) has been identified in Amazon Cloud Cam devices, which reached end-of-life (EOL) status in December 2022.…
Read More »
2 days ago

Microsoft Defender Spoofing Flaw Enables Privilege Escalation and AD Access

A newly disclosed spoofing vulnerability (CVE-2025-26685) in Microsoft Defender for Identity (MDI) enables unauthenticated attackers to capture Net-NTLM hashes of…
Read More »
2 days ago

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware’s Spring Framework has been patched, affecting multiple versions of the…
Read More »
4 days ago

Privilege Escalation in PAN-OS Web Interface Allows Admin Users to Perform Root Actions

Palo Alto Networks disclosed a medium-severity command injection vulnerability on June 11, 2025, designated as CVE-2025-4231, affecting the management web…
Read More »
6 days ago

Microsoft Patch Tuesday June 2025 – 66 Vulnerabilities Patched Including 2 Zero-Day

Microsoft has released its June 2025 Patch Tuesday security updates, addressing a total of 66 vulnerabilities across its software ecosystem.…
Read More »
2 weeks ago

Critical Dell PowerScale Vulnerability Allows Attackers Unauthorized Access to Filesystem

Dell Technologies has issued a critical security advisory (DSA-2025-208) for its PowerScale OneFS operating system, addressing multiple vulnerabilities that could…
Read More »
2 weeks ago

Critical Icinga 2 Vulnerability Allows Attackers to Obtain Valid Certificates

A critical vulnerability (CVE-2025-48057) has been discovered in Icinga 2, the widely used open-source monitoring platform. The flaw, affecting installations…
Read More »
3 weeks ago

Mozilla Quickly Fixes Firefox Vulnerabilities from Pwn2Own 2025 with Urgent Patches

At this year’s Pwn2Own Berlin, security researchers successfully demonstrated two new zero-day exploits against Mozilla Firefox, targeting the browser’s content…
Read More »
3 weeks ago

GenAI Assistant DIANNA Uncovers New Obfuscated Malware

Deep Instinct’s GenAI-powered assistant, DIANNA, has identified a sophisticated new malware strain dubbed BypassERWDirectSyscallShellcodeLoader. This malware, reportedly crafted with the…
Read More »
3 weeks ago

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier.…
Read More »