privilege
-
Fake Screenshot Lures Target Web3 Support Staff with Multi-Stage Malware Attack
A campaign attributed to APT-Q-27 (GoldenEyeDog), a Chinese group targeting Web3, is leveraging deceptive fake screenshot links delivered through support…
Read More » -
Microsoft Unveils New Guidance to Detect and Defend Against Trivy Supply Chain Attack
Aqua Security’s vulnerability scanner, Trivy, faced a sophisticated CI/CD supply chain compromise. The threat actor, identified as TeamPCP, exploited prior…
Read More » -
AstraZeneca Data Breach Allegedly Claimed by LAPSUS$ as Internal Data Access Reported
The notorious hacking collective known as LAPSUS$ has resurfaced, allegedly claiming responsibility for a significant data breach involving multinational pharmaceutical…
Read More » -
VoidStealer Malware Cracks Chrome’s Master Encryption Key with Novel Hardware Breakpoint Technique
An information stealer called VoidStealer employs a novel technique to bypass Chrome’s Application-Bound Encryption (ABE) and extract the master key…
Read More » -
CISA Calls on Organizations to Strengthen Microsoft Intune Security After Stryker Incident
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert calling on organizations to aggressively harden their endpoint…
Read More » -
New Critical MediaTek Vulnerability Exposes Android Phone PINs to Theft in 45 seconds
A newly discovered hardware vulnerability in the MediaTek Dimensity 7300 chipset is putting millions of Android users at risk. By…
Read More » -
Microsoft Active Directory Flaw Allows Attackers to Escalate Privileges
Microsoft has released a critical security update addressing a high-severity elevation of privilege vulnerability in Active Directory Domain Services (AD…
Read More » -
IPVanish VPN for macOS Flaw Enables Privilege Escalation and Code Execution
A high-severity security vulnerability has been discovered in the IPVanish VPN application for macOS. This flaw allows any unprivileged local…
Read More » -
Honeywell Controllers Widely Exposed Without Authentication
Security researchers at Zero Science Lab have disclosed a critical vulnerability in Honeywell’s Trend IQ4xx series of Building Management System…
Read More » -
React2Shell Vulnerability Exploited in the Wild, Analysts Warn
A critical vulnerability, known as React2Shell (CVE-2025-55182), has been discovered in React Server Components, affecting multiple React versions across the…
Read More » -
PoC Exploit Released for Use-After-Free Vulnerability in Linux Kernel POSIX CPU Timers
A newly discovered vulnerability in the Linux kernel’s POSIX CPU timers has been exposed, with a detailed proof-of-concept demonstrating one…
Read More » -
Microsoft Brokering File System Vulnerability Enables Local Privilege Escalation
Microsoft has recently patched a critical vulnerability in its Brokering File System (BFS) driver, which could have allowed attackers to…
Read More » -
Hackers Actively Exploit SonicWall SMA1000 Zero-Day to Escalate Privileges
SonicWall has released an urgent security advisory regarding the active exploitation of a local privilege escalation vulnerability affecting its SMA1000…
Read More » -
Microsoft Desktop Window Manager Flaw Allows Privilege Escalation
A critical vulnerability has been identified in the Windows Desktop Window Manager (DWM) that could potentially allow attackers to escalate…
Read More » -
JumpCloud Remote Assist Windows Agent Vulnerability Allows Privilege Escalation
A critical vulnerability has been discovered in the JumpCloud Remote Assist for Windows agent, allowing low-privileged users to gain NT…
Read More » -
High-Risk Ivanti EPM Vulnerability Opens Door to Admin Session Hijacking
A critical stored cross-site scripting (XSS) vulnerability has been discovered in Ivanti Endpoint Manager (EPM), allowing unauthenticated attackers to hijack…
Read More » -
Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws
Zoom has released security patches to address two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS. These…
Read More » -
Makop Ransomware Evolves with Advanced Evasion Techniques and Exploit Arsenal
Makop, a ransomware strain derived from Phobos, continues to pose a significant threat by exploiting exposed Remote Desktop Protocol (RDP)…
Read More »