CVE-2025-59689: Libraesva ESG Command Injection Flaw Exploited in the Wild
Libraesva has released an urgent security advisory addressing a command injection vulnerability (CVE-2025-59689) in its Email Security Gateway…
Why the Cybersecurity Talent Shortage is a Global Threat
In the era of digital transformation, where data flows across borders and devices, data security is paramount. Cyberattacks are no longer…
Microsoft Entra ID Exposed: Actor Token Flaw Enables Stealthy Global Admin Takeove
A newly disclosed vulnerability tracked as CVE-2025-55241 has been reported. The flaw, discovered by an independent researcher and disclosed…
Countering The Adaptive Playbook of Modern Threat Actors
The cybersecurity landscape has seen a substantial threat vector transformation. While malware and ransomware continue to be relevant threats,…
Why “Time to Patch” Is the Cybersecurity KPI That Matters Most
The way your organization manages its risk tolerance and regulatory factors are key performance indicators (KPIs) for assessing your…
GoAnywhere MFT Hit By Perfect 10 RCE
IntroductionOn September 18, 2025, Fortra dropped urgent security advisories for users of their flagship GoAnywhere Managed File Transfer…
Ivanti EPMM holes let miscreants plant shady listeners, CISA says
An unknown attacker has abused a couple of flaws in Ivanti Endpoint Manager Mobile (EPMM) and deployed two sets of malware against an unnamed…
How the U.S. Can Strengthen Its Cyber Defenses Against Nation-State Threats
The American power grid is not just the backbone of modern life. It’s a high-value target in our new era of geopolitical conflict. As…
CISA Warns of Hackers Exploiting Ivanti Endpoint Manager Mobile Vulnerabilities to Deploy Malware
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding sophisticated malware campaigns targeting…
Ding ding: Fortra rings the perfect-10 bell over latest GoAnywhere MFT bug
Budding ransomware crooks have another shot at exploiting Fortra's GoAnywhere MFT product now that a new 10/10 severity vulnerability needs…
Critical GoAnywhere MFT Platform Vulnerability Exposes Enterprises to Remote Exploitation
A deserialization flaw in the License Servlet component of Fortra GoAnywhere Managed File Transfer (MFT) platform. Identified as…
CISA Warns of New Malware Campaign Exploiting Ivanti EPMM Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) released a Malware Analysis Report (MAR), highlighting a new attack trend…
CVE-2025-10035 (CVSS 10): Critical Deserialization Flaw in GoAnywhere MFT Exposes Enterprises to Remote Exploitation
A newly disclosed vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) platform has been assigned CVE-2025-10035, carrying…
SonicWall says attackers compromised some firewall configuration backup files
Between attackers exploiting 0-day and n-day vulnerabilities in the company’s firewalls and Secure Mobile Access appliances, SonicWall…
1 in 3 Android Apps Leak Sensitive Data
A significant share of mobile applications are exposing sensitive information through insecure APIs, leaving users and businesses vulnerable…
Google fixes actively exploited Chrome zero-day vulnerability (CVE-2025-10585)
Google has released a security update for the Chrome stable channel to fix a zero‑day vulnerability (CVE-2025-10585) reported by its…
NCA Singles Out “The Com” as it Chairs Five Eyes Group
The UK’s leading serious and organized crime agency has said it will harness the full force of law enforcement across Five Eyes countries to…
Chrome Emergency Update: Zero-Day (CVE-2025-10585) in V8 Exploited in the Wild
Google has released a Stable Channel update to version 140.0.7339.185/.186 for Windows and Mac, and 140.0.7339.185 for Linux, addressing four…
Phoenix (CVE-2025-6202): A New Rowhammer Attack Bypasses DDR5 Protections
Researchers from ETH Zurich have unveiled Phoenix, a new Rowhammer attack that successfully bypasses in-DRAM mitigations in all tested SK…
From Simple Bug to RCE: A Flaw (CVE-2025-21692) in the Linux Kernel, PoC Published
Security researcher Volticks has published a deep technical writeup on CVE-2025-21692, a vulnerability in the Linux kernel’s Enhanced…
How LLMs can be compromised in 2025 | Kaspersky official blog
Developers of LLM-powered public services and business applications are working hard to ensure the security of their products, but the…
FileFix Campaign Using Steganography and Multistage Payloads
A rare in-the-wild FileFix campaign has been observed by cybersecurity researchers, which hides a second-stage PowerShell script and encrypted…
Critical CVEs in Chaos-Mesh Enable In-Cluster Code Execution
Multiple CVEs in the Chaos-Mesh platform have been discovered, including three critical vulnerabilities that allow in-cluster attackers to run…
Critical WatchGuard Vulnerability Allows Unauthenticated Attacker to Execute Arbitrary Code
A critical vulnerability has been discovered in WatchGuard’s Firebox firewalls, which could allow a remote, unauthenticated attacker to…
Apple Fixes 0-Day Vulnerabilities in Older version of iPhones and iPad
Apple has released iOS 16.7.12 and iPadOS 16.7.12 on September 15, 2025, delivering critical security updates to older-generation…
Critical Chaos Mesh Vulnerabilities Let Attackers Takeover Kubernetes Cluster
Critical vulnerabilities were identified in Chaos Mesh, a popular Cloud Native Computing Foundation chaos engineering platform used for fault…
Digital Transformation Failures: A National Security Crisis in the Making
In the hyperconnected world, digital transformation has become synonymous with progress, efficiency and innovation. For governments, business…
WordPress Plugin Vulnerability Let Attackers Bypass Authentication via Social Login
A critical authentication bypass vulnerability in the Case Theme User WordPress plugin has emerged as a significant security threat, allowing…
0-Click Linux Kernel KSMBD RCE Exploit From N-Day Vulnerabilities
A 0-Click Linux Kernel KSMBD RCE Exploit From N-Day Vulnerabilities, achieving remote code execution on a two-year-out-of-date Linux 6.1.45…
New Phoenix Rowhammer Attack Variant Bypasses Protection With DDR5 Chips
A new Rowhammer attack variant named Phoenix can bypass the latest protections in modern DDR5 memory chips, researchers have revealed. The…
CVE-2025-58434: Critical FlowiseAI Flaw Enables Full Account Takeover
A severe security vulnerability has been discovered in FlowiseAI, an open-source AI workflow automation tool, exposing users to the risk of…
IBM QRadar SIEM Vulnerability Let Attackers Perform Unauthorized Actions
A critical permission misconfiguration in the IBM QRadar Security Information and Event Management (SIEM) platform could allow local…
Samsung Zero-Day Exploit CVE-2025-21043 Patched After Active Attacks on Android Devices
Samsung has released security updates to patch a critical zero-day vulnerability actively exploited against Android devices. Tracked as…
FlowiseAI Password Reset Token Vulnerability Allows Account Takeover
A critical vulnerability affecting FlowiseAI’s Flowise platform has been disclosed, revealing a severe authentication bypass flaw that…
Linux CUPS Vulnerability Let Attackers Remote DoS and Bypass Authentication
Two critical vulnerabilities have been discovered in the Linux Common Unix Printing System (CUPS), exposing millions of systems to remote…
PoC Available: FlowiseAI Flaw (CVE-2025-58434) Allows Full Account Takeover (CVSS 9.8)
The open-source generative AI development platform FlowiseAI, widely used for building AI agents and LLM workflows, has been found vulnerable…
Digiever NVR Flaws (CVE-2025-10264, CVE-2025-10265) Let Hackers Steal Credentials & Take Control
The Taiwan Computer Emergency Response Team (TWCERT/CC) has issued a vulnerability note warning of two critical security flaws in…
CVE-2025-9556 (CVSS 9.8):Critical Vulnerability in LangChainGo Puts LLM Apps at Risk
The rise of large language model (LLM) applications has made frameworks like LangChain and its ports foundational for developers worldwide.…
Beyond the Firewall: Protecting Your Marketing Department from Cyber Threats and Safeguarding Digital Assets
Digital media created more opportunities for companies to engage with consumers than ever before, but such increased interconnectedness has a…
CISA Warns of Attacks on DELMIA Manufacturing Software Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a manufacturing operations management software vulnerability to its…
HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot
ESET researchers have discovered HybridPetya, a bootkit-and-ransomware combo that’s a copycat of the infamous Petya/NotPetya malware,…
Samsung Zero-Day Vulnerability Actively Exploited to Execute Remote Code
Samsung has released its September 2025 security update, addressing a critical zero-day vulnerability that is being actively exploited in the…