-
Gladinet CentreStack and Triofox have come under active attack as threat actors exploit an unauthenticated local file inclusion flaw (CVE-2025-11371). The flaw lets attackers read sensitive files without logging in. Once they grab the machine key, they…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Two critical vulnerabilities in 7-Zip’s handling of ZIP archives have emerged, enabling remote attackers to execute arbitrary code by exploiting directory traversal flaws. Both issues stem from improper processing of symbolic links within ZIP files, al…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A proof-of-concept exploit has been published for a critical flaw in the secure boot process of the Nothing Phone (2a) and CMF Phone 1. This exploit can break the chain of trust and allow full code execution at the highest privilege level, posing a sev…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researcher Norbert Szetei published the final installment of his deep-dive into the ksmbd filesystem module, culminating in a working proof-of-concept exploit targeting CVE-2025-37947. Unlike earlier use-after-free candidates that required com…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CrowdStrike has disclosed two critical vulnerabilities affecting its Falcon sensor for Windows that could enable attackers to delete arbitrary files and potentially compromise system stability. The cybersecurity company released patches for both securi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have identified two significant vulnerabilities in Nagios Log Server that expose critical system information and allow unauthorized service manipulation. The vulnerabilities, tracked as CVE-2025-44823 and CVE-2025-44824, affect ver…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Amazon Web Services (AWS) released bulletin AWS-2025-020 detailing a serious flaw in the macOS version of its Client VPN software. The issue, tracked as CVE-2025-11462, arises when the VPN client fails to validate the log destination directory during l…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new proof-of-concept exploit has been released for three severe vulnerabilities in the Lua scripting engine used by Redis 7.4.5. Security researchers discovered that attackers can trigger remote code execution and privilege escalation by abusing flaw…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google rolled out version 141.0.7390.65/.66 for Windows and Mac and 141.0.7390.65 for Linux. This update fixes three critical security flaws, all of which involve memory handling errors that an attacker could exploit to execute arbitrary code in the co…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CISA has issued a warning about a new zero-day cross-site scripting (XSS) flaw in the Zimbra Collaboration Suite (ZCS). This vulnerability is already in use by attackers to hijack user sessions, steal data, and push malicious filters. Organizations run…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
