Category: Vulnerability

  • UDP Vulnerability in Windows Deployment Services Allows 0-Click System Crashes

    A newly discovered vulnerability in Microsoft’s Windows Deployment Services (WDS) allows attackers to remotely crash servers with zero user interaction or authentication. The flaw, which targets the UDP-based TFTP service in WDS, could allow even low-skilled attackers to paralyze enterprise OS deployment infrastructure in…

  • Apache ActiveMQ Vulnerability Allows Remote Attackers to Execute Arbitrary Code

    A critical security vulnerability (CVE-2025-29953) in Apache ActiveMQ’s NMS OpenWire Client has been disclosed, enabling remote attackers to execute arbitrary code on vulnerable systems. The flaw, rooted in unsafe deserialization of untrusted data, affects versions prior to 2.1.1 and poses significant risks to organizations using…

  • Zimbra Collaboration Server GraphQL Vulnerability Exposes Sensitive User Data

    A critical Cross-Site Request Forgery (CSRF) vulnerability in Zimbra Collaboration Server (ZCS) versions 9.0 through 10.1, tracked as CVE-2025-32354, allows attackers to execute unauthorized GraphQL operations and access sensitive user data. The flaw resides in Zimbra’s webmail interface’s GraphQL endpoint (/service/extension/graphql), where improper CSRF token validation…

  • PowerDNS DNSdist Vulnerability Let Attackers Cause Denial of Service Condition

    A high-severity vulnerability (CVE-2025-30194) in PowerDNS DNSdist, a widely used DNS load balancer and security tool, enables remote attackers to trigger denial-of-service (DoS) conditions by exploiting flaws in its DNS-over-HTTPS (DoH) implementation. The vulnerability, disclosed in a PowerDNS Security Advisory, affects DNSdist versions 1.9.0 through 1.9.8…

  • Docker Registry Vulnerability Lets MacOS Users Pull Images from Any Registry

    A newly disclosed vulnerability in Docker Desktop’s Registry Access Management (RAM) feature has left macOS users vulnerable to unauthorized image pulls, undermining critical container security controls. Designated CVE-2025-4095, the flaw allows developers to bypass registry restrictions enforced by administrators, potentially exposing organizations to malicious…

  • XDR In Penetration Testing: Leveraging Advanced Detection To Find Vulnerabilities

    Extended Detection and Response (XDR) has emerged as a transformative security technology that unifies visibility across multiple security layers. When applied to penetration testing methodologies, XDR offers unprecedented capabilities for identifying vulnerabilities that might otherwise remain hidden. This article explores how security professionals can leverage…

  • Spring Security Vulnerability Let Attackers Determine Which Usernames are Valid

    A serious vulnerability related to information exposure (CVE-2025-22234) impacts several versions of the spring-security-crypto package. The flaw enables attackers to determine valid usernames through timing attacks, undermining a key security feature designed to prevent user enumeration. The vulnerability affects Spring Security versions 5.7.16, 5.8.18, 6.0.16,…

  • Microsoft’s Symlink Patch Created New Windows DoS Vulnerability

    A recent Microsoft security update, intended to patch a critical privilege escalation vulnerability, has inadvertently introduced a new and significant flaw. The fix now enables non-administrative users to effectively block all future Windows security updates, creating a denial-of-service condition. This unintended consequence of the patch highlights the…

  • SonicWall SSLVPN Vulnerability Let Remote Attackers Crash Firewall Appliances

    SonicWall has disclosed a critical security vulnerability in its SSLVPN service that allows unauthenticated remote attackers to crash affected firewall appliances, potentially causing significant disruptions to enterprise networks. The vulnerability, tracked as CVE-2025-32818, received a high-severity CVSS score of 7.5 and affects numerous SonicWall firewall…

  • Microsoft to Offer Rewards Up to $30,000 for AI Vulnerabilities

    Microsoft has launched an expanded bug bounty program offering rewards of up to $30,000 for researchers who identify critical vulnerabilities in AI systems within its Dynamics 365 and Power Platform products. The initiative, announced by Microsoft Security Response, aims to strengthen security in enterprise AI…

  • 100,000+ Installed WordPress Plugin Critical Vulnerability Exploited Within 4 Hours of Disclosure

    A severe vulnerability in the popular WordPress plugin SureTriggers has been actively exploited within just four hours of its public disclosure on April 10, 2025. The critical authentication bypass flaw affects all versions of the plugin up to 1.0.78, which has over 100,000…

  • Apache Roller Vulnerability Let Attackers Gain Unauthorized Access

    A critical security vulnerability in Apache Roller has been discovered, allowing attackers to maintain unauthorized access to blog systems even after password changes. The vulnerability, CVE-2025-24859, has received the highest possible CVSS v4 score of 10, indicating severe risk to affected systems. The security flaw stems from…

  • Google Groups File Attachment Restrictions Bypassed via Email Posting

    A significant security vulnerability has been identified in Google Groups, allowing users to circumvent file attachment restrictions by simply sending emails to group addresses. This broken access control issue potentially impacts thousands of organizations that rely on Google Groups for controlled information sharing and collaboration. Ph.Hitachi…

  • Chinese Hackers Exploit Ivanti VPN Vulnerabilities to Infiltrate Organizations

    A China-linked advanced persistent threat (APT) group has exploited critical vulnerabilities in Ivanti Connect Secure VPN appliances to infiltrate organizations across 12 countries and 20 industries, cybersecurity firm TeamT5 revealed in a report shared with Cyber Security News. The campaign, active since late March 2025, leverages…

  • VMware ESXi 8.0 Update 3e Released for Free, What’s New!

    Broadcom has officially reintroduced the free version of VMware ESXi with the release of ESXi 8.0 Update 3e (Build 24674464) on April 10, 2025. This marks a significant policy reversal after Broadcom discontinued the free ESXi offering following its acquisition of VMware, a move that…

  • NVIDIA’s Incomplete Patch for Critical Flaw Lets Attackers Steal AI Model Data

    A critical vulnerability in NVIDIA’s Container Toolkit, CVE-2024-0132, remains exploitable due to an incomplete patch, endangering AI infrastructure and sensitive data. Coupled with a newly discovered denial-of-service (DoS) flaw in Docker on Linux, these issues could allow attackers to breach systems, steal proprietary…

  • Critical pgAdmin Vulnerability Let Attackers Execute Remote Code

    A critical security vulnerability discovered in pgAdmin 4, the most widely used management tool for PostgreSQL databases, allows attackers to execute arbitrary code on affected systems. Security researchers have disclosed details of CVE-2025-2945, a severe Remote Code Execution (RCE) vulnerability with a CVSS score of 9.9,…

  • Bitdefender GravityZone Console PHP Vulnerability Let Attackers Execute Arbitrary Commands

    A critical security vulnerability has been discovered in Bitdefender GravityZone Console that could allow remote attackers to execute arbitrary commands on affected systems. The flaw, tracked as CVE-2025-2244, has a CVSS score of 9.5. It stems from an insecure PHP deserialization issue that poses significant…

  • Top 10 Programming Languages For Cyber Security – 2025

    Communication is the key in all areas, and the cyber world is no different. To communicate in the cyber world, you must learn the language used here: programming languages. This will help you command machines to act according to your instructions. In cybersecurity, programming languages allow…

  • “IngressNightmare” Critical RCE Vulnerabilities in Kubernetes NGINX Clusters Let Attackers Gain Full Control

    A recently discovered set of vulnerabilities, dubbed “IngressNightmare,” has been found in Ingress NGINX Controller, exposing clusters to unauthenticated remote code execution (RCE). Kubernetes dominates container orchestration, but its prominence has made it a target for exploitation. In Kubernetes, Ingress serves as a sophisticated…

  • CISA Adds Actively Exploited Ivanti Connect Secure Vulnerability to Known Exploited Vulnerabilities Catalog

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-22457, a critical vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways, to its Known Exploited Vulnerabilities (KEV) Catalog. This stack-based buffer overflow, actively exploited since mid-March 2025, allows remote unauthenticated attackers…

  • Ivanti Connect Secure RCE Vulnerability Actively Exploited in the Wild – Apply Patch Now!

    Ivanti has disclosed a critical vulnerability, CVE-2025-22457, affecting its Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways products, which is being actively exploited in the wild. This stack-based buffer overflow flaw, with a CVSS score of 9.0, has been…

  • Chinese Hackers Actively Exploiting Ivanti VPN Vulnerability to Deploy Malware

    Security researchers have identified a critical vulnerability in Ivanti Connect Secure (ICS) VPN appliances that is being actively exploited by suspected Chinese threat actors. The vulnerability, tracked as CVE-2025-22457, is a buffer overflow flaw affecting ICS version 22.7R2.5 and earlier that can lead to remote…

  • Apache Traffic Server Vulnerability Let Attackers Smuggle Requests

    A critical security vulnerability in Apache Traffic Server (ATS) has been discovered. By exploiting how the server processes chunked messages, attackers can perform request smuggling attacks. The vulnerability, tracked as CVE-2024-53868, affects multiple versions of this high-performance HTTP proxy server and requires system administrators’ immediate attention. According…

  • OpenVPN Vulnerability Let Attackers Crash Servers & Execute Remote Code

    A critical security vulnerability in OpenVPN has been discovered that could allow attackers to crash servers, potentially disrupting secure communications for thousands of users worldwide. The vulnerability, identified as CVE-2025-2704, affects OpenVPN versions 2.6.1 through 2.6.13 when configured with the --tls-crypt-v2 option, a feature commonly…

  • The AI Fix #44: AI-generated malware, and a stunning AI breakthrough

    In episode 44 of The AI Fix, ChatGPT won’t build a crystal meth lab, GPT-4o improves the show’s podcast art, some students manage to screw in a lightbulb, Google releases Gemini 2.5 Pro Experimental and nobody notices, and Mark invents a clock for measuring…

  • Microsoft Uncovers Several Vulnerabilities in GRUB2, U-Boot, Barebox Bootloaders Using Copilot

    Microsoft has discovered multiple critical vulnerabilities affecting widely used bootloaders including GRUB2, U-Boot, and Barebox. These security flaws potentially expose systems to sophisticated boot-level attacks that could compromise devices before operating systems even initialize, allowing attackers to gain persistent and nearly undetectable control over…

  • Apple Warns of Three 0-Day Vulnerabilities Actively Exploited in Attacks

    Apple has issued an urgent security advisory concerning three critical zero-day vulnerabilities, CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085, that have been actively exploited in sophisticated attacks. These vulnerabilities affect a wide range of Apple devices, including iPhones, iPads, Macs, and other platforms. Users are strongly advised to…

  • CrushFTP Vulnerability Exploited in Attacks Following PoC Release

    Security researchers have confirmed active exploitation attempts targeting the critical authentication bypass vulnerability in CrushFTP (CVE-2025-2825) following the public release of proof-of-concept exploit code. Based on Shadowserver Foundation’s most recent monitoring data, approximately 1,512 unpatched instances remain vulnerable globally as of March 30, 2025, with North America…

  • CISA Warns of Cisco Smart Licensing Utility Credential Vulnerability Exploited in Attacks

    The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Cisco vulnerability to its Known Exploited Vulnerabilities (KEV) catalog following confirmation of active exploitation in the wild. The flaw, identified as CVE-2024-20439, affects the Cisco Smart Licensing Utility (CSLU) and allows unauthenticated,…

  • Hackers Scanning From 24,000 IPs to Gain Access to Palo Alto Networks GlobalProtect Portals

    Researchers have detected an alarming surge in malicious scanning activity targeting Palo Alto Networks’ GlobalProtect VPN portals. Over a 30-day period, nearly 24,000 unique IP addresses have attempted to access these critical security gateways, suggesting a coordinated effort to probe network…

  • CISA Warns of RESURGE Malware Exploiting Ivanti RCE Vulnerability

    The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Malware Analysis Report (MAR-25993211-r1.v1) detailing the exploitation of a critical vulnerability in Ivanti Connect Secure devices (CVE-2025-0282). This vulnerability allows attackers to gain unauthorized access and deploy sophisticated malware variants, including the newly identified RESURGE and…

  • 46 New Vulnerabilities in Solar Inverter Systems Let Attackers Tamper With Inverter Settings

    Researchers have uncovered critical security flaws in global solar power infrastructure that could potentially allow malicious actors to seize control of solar inverters and manipulate power generation at scale. A recent investigation revealed 46 new vulnerabilities across three of the world’s top 10…

  • Appsmith Developer Tool Vulnerability Let Attackers Execute Remote Code

    Security researchers have uncovered multiple critical vulnerabilities in Appsmith, a popular open-source developer platform for building internal applications. Most concerning is CVE-2024-55963, which allows unauthenticated attackers to execute arbitrary system commands on servers running default installations of Appsmith versions 1.20 through 1.51. CVE-2024-55963 – Remote Code…

  • CISA Warns of Four Vulnerabilities, and Exploits Surrounding ICS

    The Cybersecurity and Infrastructure Security Agency (CISA) released four Industrial Control System (ICS) advisories on March 25, 2025, detailing significant vulnerabilities in products from ABB, Rockwell Automation, and Inaba Denki Sangyo. These vulnerabilities, with CVSS v4 scores ranging from 5.1 to 9.3, could allow attackers to…

  • New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials – Unofficial Patch

    A critical vulnerability has been identified that affects all Windows operating systems from Windows 7 and Server 2008 R2 through the latest Windows 11 v24H2 and Server 2025. This zero-day flaw enables attackers to capture users’ NTLM authentication credentials simply by having them view a malicious…

  • Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild

    Google has released an urgent security update for its Chrome browser after cybersecurity researchers at Kaspersky discovered a zero-day vulnerability being actively exploited by sophisticated threat actors. The vulnerability, identified as CVE-2025-2783, allowed attackers to bypass Chrome’s sandbox protection through a logical error at the…

  • Critical Synology Vulnerability Let Attackers Remotely Execute Arbitrary Code

    A severe vulnerability in Synology’s DiskStation Manager (DSM) allows remote attackers to execute arbitrary code with no user interaction. The flaw, disclosed during PWN2OWN 2024, received a Critical severity rating with a CVSS score of 9.8, indicating its potential for widespread exploitation. The primary vulnerability, identified…

  • Microsoft Windows File Explorer Vulnerability Let Attackers Perform Network Spoofing – PoC Released

    A critical vulnerability in Windows File Explorer, identified as CVE-2025-24071, enables attackers to steal NTLM hashed passwords without any user interaction beyond simply extracting a compressed file. Security researchers have released a proof-of-concept exploit demonstrating this high-severity flaw, which Microsoft patched in…

  • CISA Warns of Fortinet FortiOS Authentication Bypass Vulnerability Exploited in Wild

    The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert highlighting a significant vulnerability in Fortinet’s FortiOS and FortiProxy systems, which threat actors are actively exploiting. The authentication bypass vulnerability, tracked as CVE-2025-24472, has been added to CISA’s Known Exploited Vulnerabilities…

  • Kentico Xperience CMS Authentication Bypass Vulnerability Allows Attackers to Execute Arbitrary Code Remotely

    Researchers discovered critical vulnerabilities in Kentico’s Xperience CMS that could allow attackers to completely compromise affected systems. The vulnerabilities, identified as WT-2025-0006, WT-2025-0007, and WT-2025-0011, can be chained together to achieve unauthenticated remote code execution on systems with common configurations. Researchers at watchTowr…

  • Microsoft March 2025 Patch Tuesday: Fixes for 57 Vulnerabilities & 6 Actively Exploited Zero-Days

    Microsoft’s March 2025 Patch Tuesday addresses 57 vulnerabilities, including six zero-day vulnerabilities that are currently being exploited. The security update includes fixes for Windows, Microsoft Office, Azure, and other components. The March Patch Tuesday update included fixes for: In addition to…

  • 400+ IPs Actively Exploiting Multiple SSRF Vulnerabilities In The Wild

    A coordinated surge in Server-Side Request Forgery (SSRF) exploitation has been detected across multiple widely used platforms, affecting organizations worldwide. Security monitoring reveals approximately 400 unique IP addresses actively targeting multiple SSRF-related CVEs simultaneously, indicating a sophisticated and potentially dangerous campaign. The exploitation surge began…

  • CISA Warns of Microsoft Windows Management Console (MMC) Vulnerability Exploited in Wild

    The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding an actively exploited vulnerability in Microsoft Windows Management Console (MMC), tracked as CVE-2025-26633. This improper neutralization flaw (CWE-707) enables remote attackers to execute arbitrary code over a network, posing significant…

  • AMD Microcode Signature Verification Vulnerability Let Attackers Load Malicious Patches

    Security researchers have uncovered a critical vulnerability in AMD Zen CPUs that allows attackers with elevated privileges to load malicious microcode patches, bypassing cryptographic signature checks. Dubbed “EntrySign,” this flaw stems from AMD’s use of the AES-CMAC algorithm as a hash function during microcode validation—a…

  • SecP0 Ransomware Group Threatens Organizations to Leak Vulnerability Details

    A new ransomware group, SecP0, has emerged on the cybercrime landscape, adopting a novel and deeply concerning tactic: demanding ransom payments not for encrypted data, but for undisclosed software vulnerabilities. This shift in strategy represents a significant evolution in ransomware operations, targeting organizations’ cybersecurity weaknesses rather…

  • Flaw found in stalkerware apps, exposing millions of people. Here’s how to find out if your phone is being spied upon

    A serious security vulnerability has been found in popular stalkerware apps, exposing the sensitive personal information and communications of millions of people. Read more in my article on the Hot for Security blog. Graham…

  • Hackers Exploited Confluence Server Vulnerability To Deploy LockBit Ransomware

    A sophisticated ransomware attack leveraging a critical Atlassian Confluence vulnerability (CVE-2023-22527, CVSS 10.0) has been uncovered, culminating in the deployment of LockBit Black ransomware across enterprise networks within two hours of initial compromise. The attackers orchestrated a multi-stage intrusion involving credential theft, lateral movement via RDP,…

  • Parallels Desktop 0-Day Vulnerability Let Attackers Gain Root Privileges – PoC Released

    A critical 0-day vulnerability in Parallels Desktop virtualization software has been publicly disclosed, enabling local attackers to escalate privileges to root-level access on macOS systems. All versions of Parallels Desktop, including the most recent 20.2.1 (55876), are vulnerable to the flaw identified as CVE-2024-34331, which…

  • DeepSeek Unveils FlashMLA, A Decoding Kernel That Makes Things Blazingly Fast

    DeepSeek has launched FlashMLA, a groundbreaking Multi-head Latent Attention (MLA) decoding kernel optimized for NVIDIA’s Hopper GPU architecture, marking the first major release of its Open Source Week initiative. This innovative tool achieves unprecedented performance metrics of 3000 GB/s memory bandwidth and 580 TFLOPS…

  • PoC Exploit Released for F5 BIG-IP Command Injection Vulnerability

    Security researchers have released proof-of-concept (PoC) exploit code for CVE-2025-20029, a high-severity command injection vulnerability affecting F5’s BIG-IP application delivery controllers. The flaw, which carries a CVSS v3.1 score of 8.8, enables authenticated attackers to execute arbitrary system commands through improper neutralization of special elements in…

  • Critical Apache Ignite Vulnerability Let Attackers Execute Remote Code

    A critical vulnerability in Apache Ignite, tracked as CVE-2024-52577, exposes systems to remote code execution (RCE) attacks due to improper enforcement of class serialization filters. Rated CVSS 9.8, this flaw affects Ignite versions 2.6.0 through 2.16.x, enabling attackers to execute arbitrary code by exploiting deserialization weaknesses…

  • Indian Post Office Portal Exposed Thousands of KYC Records With Username & Mobile Number

    The Indian Post Office portal was found vulnerable to an Insecure Direct Object Reference (IDOR) attack, exposing sensitive Know Your Customer (KYC) data of thousands of users. This breach highlights the critical need for robust security measures in government-operated digital platforms,…

  • Elon Musk’s DOGE Website Database Vulnerability Let Anyone Make Entries Directly

    A website launched by Elon Musk’s Department of Government Efficiency (DOGE) has been found to have a significant security vulnerability, allowing unauthorized users to directly modify its content. The vulnerability, discovered by two web development experts, arises from the website’s use of an unsecured…

  • AMD Ryzen DLL Hijacking Vulnerability Let Attackers Execute Arbitrary Code

    A high-severity security vulnerability, identified as CVE-2024-21966, has been discovered in the AMD Ryzen Master Utility, a software tool designed to optimize the performance of AMD Ryzen processors. The vulnerability, classified as DLL hijacking, could allow attackers to execute arbitrary code and escalate privileges on…

  • US Coast Guard told to improve its cybersecurity, after warning raised that hacked ports could cost $2 billion per day

    US Coast Guard told to improve its cybersecurity, after warning raised that hacked ports could cost $2 billion per day The US Coast Guard has been urged to improve the cybersecurity infrastructure of the Maritime Transportation System (MTS), which includes ports, waterways, and vessels essential for transporting over $5.4 trillion worth of goods annually. Read…

  • KASLR Exploited: Breaking macOS Apple Silicon Kernel Hardening Techniques

    KASLR Exploited: Breaking macOS Apple Silicon Kernel Hardening Techniques Security researchers from Korea University have unveiled a new vulnerability in macOS systems running on Apple Silicon processors.  Dubbed “SysBumps,” this attack successfully circumvents Kernel Address Space Layout Randomization (KASLR), a critical security mechanism designed to protect kernel memory from exploitation.  The findings, presented at the…

  • Windows Storage 0-Day Vulnerability Let Attackers Delete The Target Files Remotely

    Windows Storage 0-Day Vulnerability Let Attackers Delete The Target Files Remotely A significant security vulnerability has been identified in Windows, allowing attackers to remotely delete targeted files on affected systems. This vulnerability, tracked as CVE-2025-21391, was disclosed on February 11, 2025, and is classified as an Elevation of Privilege vulnerability with a severity rating of…

  • USB Army Knife – A Powerful Red Team Tool for Penetration Testers

    USB Army Knife – A Powerful Red Team Tool for Penetration Testers The USB Army Knife is a versatile red-teaming tool for penetration testers that emulates a USB Ethernet adapter for traffic capture, enables custom attack interfaces, and functions as covert storage all in one compact device. This multi-functional firmware combines a variety of attack…

  • PoC Exploit Released for AnyDesk Vulnerability Exploited to Gain Admin Access Via Wallpapers

    PoC Exploit Released for AnyDesk Vulnerability Exploited to Gain Admin Access Via Wallpapers A recently disclosed vulnerability in AnyDesk, a popular remote desktop software, identified as CVE-2024-12754, enables local attackers to exploit the handling of Windows background images to gain unauthorized access to sensitive system files.  This could potentially escalate their privileges to administrative levels,…

  • Hackers Exploiting A Six-Year-Old IIS Vulnerability To Gain Remote Access

    Hackers Exploiting A Six-Year-Old IIS Vulnerability To Gain Remote Access The eSentire Threat Response Unit (TRU) revealed that threat actors are actively exploiting a six-year-old IIS vulnerability in Progress Telerik UI for ASP.NET AJAX to gain remote access to systems. This vulnerability, identified as CVE-2019-18935, allows attackers to execute arbitrary code on vulnerable servers, posing…

  • 0-Day Vulnerabilities in Microsoft Sysinternals Tools Allow Attackers To Launch DLL Injection Attacks on Windows

    0-Day Vulnerabilities in Microsoft Sysinternals Tools Allow Attackers To Launch DLL Injection Attacks on Windows A critical 0-Day vulnerability has been identified in nearly all Microsoft Sysinternals tools, presenting a significant risk to IT administrators and developers who rely on these utilities for system analysis and troubleshooting. This vulnerability, outlining how attackers can exploit DLL injection…

  • Critical Veeam Backup Vulnerability Let Attackers Execute Arbitrary Code to Gain Root Access

    Critical Veeam Backup Vulnerability Let Attackers Execute Arbitrary Code to Gain Root Access A critical vulnerability, identified as CVE-2025-23114, has been discovered in the Veeam Updater component, a key element of multiple Veeam backup solutions.  This flaw enables attackers to execute arbitrary code on affected servers through a Man-in-the-Middle (MitM) attack, potentially granting root-level permissions. …

  • Roundcube XSS Vulnerability Let Attackers Inject Malicious Files

    Roundcube XSS Vulnerability Let Attackers Inject Malicious Files A critical Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2024-57004, has been discovered in Roundcube Webmail version 1.6.9.  This flaw allows remote authenticated users to upload malicious files disguised as email attachments, posing significant risks to individuals and organizations using the popular open-source webmail client. The vulnerability stems…

  • Microsoft Azure AI Face Service Elevation of Privilege Vulnerability Let Attackers Gain Network Access

    Microsoft has disclosed a critical vulnerability, CVE-2025-21415, in the Azure AI Face Service. Classified as an Elevation of Privilege issue, it allows attackers to bypass authentication via spoofing and escalate their privileges over a network. However, Microsoft has confirmed that…

  • Multiple Dell PowerProtect Vulnerabilities Let Attackers Compromise System

    Dell Technologies has disclosed multiple critical vulnerabilities affecting its PowerProtect product line, including Data Domain (DD) appliances, PowerProtect Management Center, and other associated systems. These vulnerabilities, if exploited, could allow attackers to compromise system integrity, escalate privileges, or execute arbitrary code. Organizations relying on these systems for…

  • Israeli Firm Paragon Attack WhatsApp With New Zero-Click Spyware

    WhatsApp revealed on Friday that a “zero-click” spyware attack, attributed to the Israeli firm Paragon, has targeted scores of users worldwide, including journalists and members of civil society. The spyware targeted nearly 100 WhatsApp users, including journalists, and did not require any user interaction, nor did…

  • D-Link Routers Vulnerability Let Attackers Gain Full Router Control Remotely

    A critical unauthenticated Remote Code Execution (RCE) vulnerability affects DSL-3788 routers, allowing attackers to gain complete control of the router remotely. The flaw has been detected in firmware versions v1.01R1B036_EU_EN and below. This vulnerability was reported by Max Bellia of SECURE NETWORK BVTECH.…

  • Windows Vulnerability in COM Objects Trigger RCE To Control The Systems Remotely

    James Forshaw of Google Project Zero has shed light on a significant security vulnerability in Windows related to accessing trapped COM objects through the IDispatch interface. This research highlights an intriguing bug class that exploits cross-process communication features in object-oriented remoting technologies like…

  • VMware Aria Operations Vulnerabilities Let Attackers Perform Admin Operations

    Broadcom has addressed multiple vulnerabilities in its VMware Aria Operations for Logs and VMware Aria Operations products. These vulnerabilities, identified as CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221, and CVE-2025-22222, pose significant risks, including unauthorized access to sensitive data and privilege escalation. The vulnerabilities affect the following VMware products:…

  • Hackers Actively Exploiting Zyxel 0-day Vulnerability to Execute Arbitrary Commands

    A significant zero-day vulnerability in Zyxel CPE series devices, identified as CVE-2024-40891, is being actively exploited by attackers. This vulnerability enables attackers to execute arbitrary commands on affected devices, posing significant risks of system compromise, data theft, and network infiltration. Over 1,500 infected devices have been…

  • PoC Exploit Released for TP-Link Router Web Interface XSS Vulnerability

    A Cross-Site Scripting (XSS) vulnerability has been identified in the TP-Link Archer A20 v3 router, specifically in firmware version 1.0.6 Build 20231011 rel.85717(5553). The issue stems from improper handling of directory listing paths on the router’s web interface. When a specially crafted URL is accessed,…

  • API Supply Chain Attack Exposes Millions of Airline Users Accounts to Hackers

    A vulnerability in a third-party travel service API has exposed millions of airline users to potential account takeovers, enabling attackers to exploit airline loyalty points and access sensitive personal information. The flaw, discovered by Salt Labs, highlights the risks associated with API supply…

  • Critical Cacti Vulnerability Let Attackers Code Remotely – PoC Released

    A critical vulnerability has been identified in Cacti, the widely used open-source network monitoring tool. The flaw, tracked as CVE-2025-22604, has a CVSS score of 9.1, indicating high severity. It allows authenticated users with device management permissions to execute arbitrary commands on the server, posing significant risks to data…

  • DeepSeek R1 Jailbroken to Generate Ransomware Development Scripts

    DeepSeek R1, the latest AI model from China, is making waves in the tech world for its reasoning capabilities. Positioned as a challenger to AI giants like OpenAI, it has already climbed to 6th place on the Chatbot Arena benchmarking list, surpassing notable models such as Meta’s…

  • Critical One Identity Manager Vulnerability Let Attackers Escalate Privileges

    A critical Insecure Direct Object Reference (IDOR) vulnerability has been identified in One Identity Manager, a widely used identity and access management solution. This vulnerability, officially tracked as CVE-2024-56404, allows unauthorized privilege escalation under specific configurations. The issue affects only On-Premise installations and does not impact…

  • Mimic ransomware: what you need to know

    What makes Mimic particularly unusual is that it exploits the API of a legitimate Windows file search tool (“Everything” by Voidtools) to quickly locate files for encryption. Find out more about the threat in my article on the Tripwire State of Security blog. Graham Cluley

  • Smashing Security podcast #395: Gym hacking, disappearing DNA, and a social lockout

    A Kansas City man is accused of hacking into local businesses, not to steal money, but to… get a cheaper gym membership? A DNA-testing firm has vanished, leaving customers in the dark about what’s happened to their sensitive genetic data. And Australia mulls…

  • Zimbra Remote Command Execution Vulnerability (CVE-2024-45519) – Exploit POC Released

    Zimbra, a popular email and collaboration platform, has issued a crucial security update to patch a severe vulnerability in its postjournal service. Identified as CVE-2024-45519, this flaw allows unauthenticated attackers to execute arbitrary commands on affected Zimbra installations. The vulnerability was discovered in Zimbra’s post-journal…

  • New Bluetooth Vulnerability Leak Your Passcode to Hackers While Pairing

    A recently identified vulnerability in Bluetooth technology, tracked as CVE-2020-26558, poses a significant security risk to devices supporting various Bluetooth Core Specifications. This vulnerability, known as “Impersonation in the Passkey Entry Protocol,” affects devices using the Passkey Entry association model in BR/EDR Secure Simple Pairing,…