-
Microsoft has addressed a critical use-after-free vulnerability in its Brokering File System (BFS) driver that could allow attackers to escalate privileges on Windows systems. Tracked as CVE-2025-29970, the security flaw affects the bfs.sys component a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical race condition vulnerability in the Linux kernel’s POSIX CPU timers has been exposed through a detailed proof-of-concept, one of the most sophisticated kernel exploits targeting Android devices. CVE-2025-38352 represents a use-after-fr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical firmware vulnerability affecting motherboards from major manufacturers including Gigabyte, MSI, ASRock, and ASUS has been discovered by Riot Games’ Vanguard anti-cheat team. The vulnerability, dubbed “Sleeping Bouncer,” all…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Shadowserver Foundation has identified over 25,000 internet-facing Fortinet devices globally with FortiCloud Single Sign-On (SSO) functionality enabled, raising concerns about potential exposure to critical authentication bypass vulnerabilities. Th…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft Teams users worldwide experienced significant service disruptions on December 20, 2025, as the collaboration platform encountered widespread issues affecting messaging functionality and other critical service operations. The company has ackno…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Pillar Security has identified a critical indirect prompt injection vulnerability in Docker’s ‘Ask Gordon’ assistant. By poisoning metadata on Docker Hub, attackers could bypass security to exfiltrate private build logs and chat history. Discover how t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical remote code execution vulnerability in Gladinet Triofox is now under active exploitation by threat actors, and security researchers have demonstrated that weaponizing the flaw requires far more sophistication than initial analyses suggest. C…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Apache Software Foundation has released a critical security update for its widely used Log4j logging library. A newly discovered vulnerability, tracked as CVE-2025-68161, allows attackers to intercept or redirect sensitive log data by exploiting a …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Elastic has released critical security updates to address a dangerous cross-site scripting (XSS) vulnerability affecting multiple versions of Kibana. The vulnerability, tracked as CVE-2025-68385, allows authenticated attackers to inject malicious scrip…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical race condition vulnerability has been discovered in the Linux kernel’s Rust Binder module, potentially causing system crashes and memory corruption. Assigned CVE-2025-68260, this issue affects the kernel’s inter-process communica…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
