A critical vulnerability in the popular file-sharing tool ZendTo allows authenticated users to traverse system paths and access or modify sensitive files belonging to other users. The flaw, tracked as CVE-2025-34508, affects ZendTo versions 6.15-7 and …

Security researchers have observed renewed exploit campaigns targeting an eight-year-old backdoor in Hikvision cameras to harvest configuration files, user lists, and snapshots. Attackers automate scans across IP ranges, appending a base64-encoded “aut…

A critical vulnerability in the Linux Kernel’s ksmbd file sharing component allows remote attackers to execute code with kernel privileges. Tracked as CVE-2025-38561, this flaw affects Linux distributions that include the ksmbd SMB server implementatio…

A critical vulnerability in NVIDIA’s Merlin Transformers4Rec library allows attackers to achieve remote code execution with root privileges. Discovered by the Trend Micro Zero Day Initiative (ZDI) Threat Hunting Team, the flaw stems from unsafe deseria…

Cisco has disclosed a critical zero-day vulnerability in its IOS and IOS XE software that is being actively exploited by threat actors in real-world attacks. The flaw, tracked as CVE-2025-20352, affects the Simple Network Management Protocol (SNMP) sub…

A newly disclosed flaw in OnePlus OxygenOS lets any app on a device read SMS and MMS messages without asking the user. Tracked as CVE-2025-10184, the issue stems from a permission bypass in the Telephony content provider (com.android.providers.telephon…

A serious security flaw in the Salesforce CLI installer (sf-x64.exe) has been assigned CVE-2025-9844. This weakness allows attackers to execute arbitrary code with SYSTEM-level privileges on Windows machines. Users who installed Salesforce CLI from unt…

A critical vulnerability in SolarWinds Web Help Desk (WHD) could allow attackers to escalate privileges and execute arbitrary code on affected systems. SolarWinds has released Web Help Desk 12.8.7 Hotfix 1 to address CVE-2025-26399, a deserialization f…