privilege
-
ArmouryLoader Bypasses Security Protections to Inject Malicious Code
ArmouryLoader and other malicious code loaders have become essential tools for introducing Trojan-type payloads into hacked systems in the ever-changing…
Read More » -
Elephant APT Group Exploits VLC Player and Encrypted Shellcode in Attacks on Defense Sector
Arctic Wolf Labs has uncovered a sophisticated cyber-espionage operation attributed to the Dropping Elephant advanced persistent threat (APT) group, also…
Read More » -
Ransomware Groups Weaponize RMM Tools to Infiltrate Networks and Exfiltrate Data
Ransomware gangs have increasingly co-opted Remote Monitoring and Management (RMM) tools originally designed for IT operations to orchestrate sophisticated network…
Read More » -
Livewire Flaw Puts Millions of Laravel Apps at Risk of RCE Attacks
A critical vulnerability discovered in Livewire, a popular full-stack framework for Laravel applications, exposes millions of web properties to unauthenticated…
Read More » -
Sophos Intercept X for Windows Flaws Enable Arbitrary Code Execution
Sophos has disclosed three critical security vulnerabilities in its Intercept X for Windows endpoint security solution that could allow attackers…
Read More » -
Lenovo Vantage Flaws Enable Attackers to Gain SYSTEM-Level Privileges
Security researchers at Atredis have uncovered multiple privilege escalation vulnerabilities in Lenovo Vantage, a pre-installed management platform on Lenovo laptops…
Read More » -
Microsoft Explains How Security Copilot in Intune and Entra Supports Security and IT Teams
Microsoft has detailed how its Security Copilot, an AI-powered tool, is transforming security and IT operations by embedding generative AI…
Read More » -
Gigabyte UEFI Firmware Vulnerability Allows Code Execution in SMM Privileged Mode
Critical security vulnerabilities in Gigabyte motherboard firmware have been disclosed that allow attackers to execute arbitrary code in System Management…
Read More » -
Mis-scoped AWS Organizations Policy Allowed Hackers to Seize Full Control of AWS Environment
Security professionals have uncovered serious vulnerabilities in AWS Organizations in a ground-breaking study by Cymulate Research Labs that might allow…
Read More » -
macOS SMBClient Flaw Enables Remote Code Execution and Kernel Crashes
A critical vulnerability has been discovered in Apple’s macOS SMBClient, exposing millions of users to the risk of remote code…
Read More » -
Scattered Spider Enhances Tactics to Exploit Legitimate Tools for Evasion and Persistence
Scattered Spider, also tracked under aliases such as UNC3944, Scatter Swine, and Muddled Libra, has emerged as a formidable financially…
Read More » -
SquareX Reveals That Employees Are No Longer The Weakest Link, Browser AI Agents Are
Every security practitioner knows that employees are the weakest link in an organization, butthis is no longer the case. SquareX’s…
Read More » -
Threat Actors Exploit Windows and Linux Server Vulnerabilities to Deploy Web Shells
Threat actors have been observed exploiting file upload vulnerabilities to deploy web shells and advanced malware on both Windows and…
Read More » -
TeamViewer for Windows Vulnerability Lets Hackers Delete Files with SYSTEM Rights
A critical security vulnerability has been discovered in TeamViewer Remote Management for Windows, exposing systems to potential privilege escalation attacks.…
Read More » -
Amazon EKS Flaws Expose AWS Credentials and Enable Privilege Escalation
Recent research has uncovered critical security flaws in Amazon Elastic Kubernetes Service (EKS) that could expose sensitive AWS credentials and…
Read More » -
Over 100,000 WordPress Sites Exposed to Privilege Escalation via MCP AI Engine
The Wordfence Threat Intelligence team identified a severe security flaw in the AI Engine plugin, a widely used tool installed…
Read More » -
Veeam Vulnerabilities Expose Backup Servers to Remote Attacks
Veeam, a leading provider of data protection and backup solutions, disclosed three critical vulnerabilities affecting its widely deployed backup software.…
Read More » -
Apache Tomcat Flaws Allow Auth Bypass and DoS Attacks
The Apache Software Foundation has released critical security updates to address four newly discovered vulnerabilities in Apache Tomcat, one of…
Read More » -
HashiCorp Nomad ACL Lookup Flaw Allows Privilege Escalation
HashiCorp disclosed a critical security flaw (CVE-2025-4922) in its Nomad workload orchestration tool on June 11, 2025, exposing clusters to…
Read More » -
Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User
A critical security flaw (CVE-2025-5491) in Acer ControlCenter allows remote attackers to execute arbitrary code with NT AUTHORITY\SYSTEM privileges via…
Read More »