Critical Samba RCE Flaw CVE-2025-10230 (CVSS 10.0) Allows Unauthenticated Command Injection on AD DCs
The Samba Team has released an urgent advisory addressing two , including a critical command injection (CVE-2025-10230) that could allow…
Flaw in Slider Revolution Plugin Exposed 4m WordPress Sites
A security vulnerability affecting millions of WordPress websites has been uncovered in the widely used Slider Revolution plugin. The flaw,…
Last Windows 10 Patch Tuesday Features Six Zero Days
It’s set to be a busy October for system administrators after Microsoft issued security updates to fix 172 vulnerabilities including six…
Capita Fined £14m After 2023 Breach that Hit 6.6 Million People
Capita will not appeal a £14m regulatory penalty for security failings that led to a 2023 data breach impacting nearly seven million…
Windows Remote Access Connection Manager 0-Day Vulnerability Exploited in Attacks
Microsoft has confirmed active exploitation of a critical zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan)…
Samsung Sets Oct 21 Event to Unveil “Project Moohan,” Its Android XR Headset Rival to Vision Pro
Samsung data breach Samsung has announced that it will host a new product unveiling event titled “Worlds Wide Open” on October 21…
Critical Siemens Flaw CVE-2025-40771 (CVSS 9.8) Allows Unauthenticated Remote Access to SIMATIC CP Config
Siemens has released a critical update for its SIMATIC ET 200SP communication processors, addressing an authentication that could allow…
Critical Rockwell NAT Router Flaw (CVE-2025-7328, CVSS 10.0) Allows Unauthenticated Admin Takeover
Rockwell Automation has published a new advisory warning customers about three affecting its 1783-NATR Network Address Translation (NAT)…
Critical RCE Flaws CVE-2025-48983 & CVE-2025-48984 (CVSS 9.9) Found in Veeam Backup & Replication
Veeam Software has released patches addressing three newly disclosed , including two critical Remote Code Execution (RCE) in Veeam Backup…
Chrome Fix: New Use-After-Free Flaw (CVE-2025-11756) in Safe Browsing Component Poses High Risk
Google has released a new Stable Channel Update for Desktop, rolling out gradually to Windows, macOS, and Linux systems over the coming days…
October Patch Tuesday: Microsoft Fixes 6 Zero-Days, Including 4 Actively Exploited Flaws, as Windows 10 Reaches End-of-Life
Microsoft’s October 2025 Patch Tuesday has arrived with one of the largest updates of the year—193 patched, including six…
Sekoia Exposes PolarEdge Backdoor: Custom mbedTLS C2 Compromising Cisco, QNAP, and Synology Devices
Sekoia Threat Detection & Response (TDR) researchers have published an in-depth technical analysis of the PolarEdge Backdoor, a stealthy…
Rockwell Automation Patches Privilege Escalation and Denial-of-Service Flaws Across FactoryTalk and ArmorStart Systems
Rockwell Automation has released a series of advisories addressing in several of its FactoryTalk and ArmorStart product lines. These ,…
Patch Tuesday, October 2025 ‘End of 10’ Edition
Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least two…
Frightful Patch Tuesday gives admins a scare with 175+ Microsoft CVEs, 3 under attack
Spooky season is in full swing, and this extends to Microsoft's October Patch Tuesday with security updates for a frightful 175 Microsoft…
Patch Tuesday October 2025: Three Zero-days Under Attack
Microsoft’s Patch Tuesday October 2025 included fixes for 175 vulnerabilities, including three exploited zero-days and 13 additional…
PolarEdge With Custom TLS Server Uses Custom Binary Protocol for C2 Communication
A sophisticated backdoor malware targeting Internet of Things devices has surfaced, employing advanced communication techniques to maintain…
FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process
Fortinet has issued an urgent advisory revealing a critical weakness in its FortiPAM and FortiSwitch Manager products that could allow…
FortiOS CLI Command Bypass Vulnerability Let Attacker Execute System Commands
Fortinet disclosed a high-severity vulnerability in its FortiOS operating system on October 14, 2025, that could enable local authenticated…
Microsoft October 2025 Patch Tuesday – 4 Zero-days and 172 Vulnerabilities Patched
Microsoft rolled out its October 2025 Patch Tuesday updates, addressing a staggering 172 vulnerabilities across its ecosystem, including four…
UEFI Shell Vulnerabilities Could Let Hackers Bypass Secure Boot on 200,000+ Laptops
Hackers can exploit vulnerabilities in signed UEFI shells to bypass Secure Boot protections on over 200,000 Framework laptops and desktops.…
New Pixnapping Attack Steals 2FA Codes From Google Authenticator Within 30 Seconds
Pixnapping, a novel class of side-channel attacks targeting Android devices that can covertly extract sensitive screen data, including…
CVE Deep Dive : CVE-2025–32463
Sudo “Chroot to Root” — Critical Library Loading Privilege EscalationPublished : Sept 23, 2025 | by : OptPress enter or…
Microsoft Patches Edge IE Mode After Hackers Exploited Chakra Zero-Day for Device Takeover
After discovering that hackers were exploiting a zero-day in the Chakra JavaScript engine used by Internet Explorer versions 9, 10, and 11,…
Critical Supply Chain Flaw: Clevo UEFI Firmware Leaked Intel Boot Guard Private Keys (CVE-2025-11577)
The CERT Coordination Center (CERT/CC) has issued a warning regarding a critical supply chain — CVE-2025-11577 — after researchers…
Critical Elastic Cloud Flaw: CVE-2025-37729 (CVSS 9.1) Allows RCE via Jinjava Template Injection
Elastic has released urgent updates for Elastic Cloud Enterprise (ECE) to patch a critical (CVE-2025-37729) that could allow attackers with…
RMPocalypse Flaw (CVE-2025-0033) Bypasses AMD SEV-SNP to Fully Compromise Encrypted VMs
A research team from ETH Zurich has disclosed a critical — CVE-2025-0033, dubbed RMPocalypse — that undermines AMD’s…
Stealth C2: Hackers Abuse Discord Webhooks for Covert Data Exfiltration in npm, PyPI, and RubyGems Supply Chain Attacks
The Socket Threat Research Team has uncovered a growing trend among malicious package developers: leveraging Discord webhooks as…
AI vs AI: The Future of Cybersecurity Is Machine vs. Machine. Is the human factor still relevant?
How Artificial Intelligence is transforming both cyber defense and cybercrime by Venkatesh Apsingekar, Senior Engineering Manager –…
Your Alerts Are Increasing Your Cybersecurity Risk
At their core, alerts exist to bring attention to something meaningful: an indicator of compromise (IOC), an indicator of attack (IOA), or a…
Apple Bug Bounty Payouts Can Now Top $5m
Apple has doubled its top award for ethical hacking discoveries to $2m, although security researchers could earn even more if they’re…
Critical Vulnerability CVE-2025-61884 Found in Oracle E-Business Suite
Oracle E-Business Suite (EBS) — a cornerstone ERP platform for countless enterprises across the globe — faces a critical security…
Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884)
Oracle has revealed the existence of yet another remotely exploitable Oracle E-Business Suite vulnerability (CVE-2025-61884). About…
Week in review: Hackers extorting Salesforce, CentreStack 0-day exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How to get better results from…
Identity Risk Intelligence – The Missing Piece in Continuous Threat Exposure Management (CTEM)
In today’s cybersecurity landscape, identity is no longer just a credentialing concern; it is the battleground. Modern cyber defenses…
Two 7-Zip Flaws Allow Code Execution via Malicious ZIP Files (CVE-2025-11001 & CVE-2025-11002)
The Zero Day Initiative (ZDI) has published details of two critical in the popular open-source compression utility 7-Zip, which could allow…
China Launches Antitrust Probe into Qualcomm Over Autotalks Acquisition Failure to File Declaration
China’s State Administration for Market Regulation (SAMR) recently announced the launch of an antitrust investigation into U.S.…
Juniper Junos Space October 2025 Vulnerability Fixes
On October 9, 2025, Juniper Networks rolled out Junos Space 24.1R4 Patch V1, a broad security update tackling more than 200 vulnerabilities…
Ransomware crims that exploited SharePoint 0-days add Velociraptor to their arsenal
The ransomware gang caught exploiting Microsoft SharePoint zero-days over the summer has added a new tool to its arsenal: Velociraptor, an…
Security risks of vibe coding and LLM assistants for developers
Although the benefits of AI assistants in the workplace remain debatable, where they’re being adopted most confidently of all is in…
Auth Bypass Flaw in Service Finder WordPress Plugin Under Active Exploit
Website owners using the Service Finder WordPress theme and its bundled Bookings plugin must update their software immediately, as a serious…
Zero-day in file-sharing software leads to RCE, and attacks are ongoing
Security research firm Huntress is warning all users of Gladinet's CentreStack and Triofox file-sharing tools to urgently apply an available…