Critical Flaw CVE-2025-52906 (CVSS 9.3) Allows Unauthenticated RCE on TOTOLINK X6000R Routers
Researchers from Unit 42, Palo Alto Networks’ threat intelligence team, have disclosed three newly discovered in the firmware of the…
Splunk Fixes Six Flaws, Including Unauthenticated SSRF and XSS Vulnerabilities in Enterprise Platform
Splunk has released a series of advisories addressing six in Splunk Enterprise and Splunk Cloud Platform, ranging from medium to high…
Django Security Alert: High-Severity SQL Injection Flaw (CVE-2025-59681) Fixed in Latest Updates
The Django team has issued new releases for the popular Python web framework, addressing two that could lead to SQL injection and directory…
DoS Flaws in Argo CD: Unauthenticated Attackers Can Crash Kubernetes Server with Single Request
The Argo CD project has released patches addressing several denial-of-service (DoS) that could allow attackers to crash the argocd-server…
CISA Warns of Critical RCE Flaw (CVE-2025-10659, CVSS 9.8) in Megasys Telenium Online Web Application
The U.S. Cybersecurity and Infrastructure Agency (CISA) has issued a advisory warning of a critical in the Megasys Telenium Online Web…
That annoying SMS phish you just got may have come from a box like this
The researchers added: “This campaign is notable in that it demonstrates how impactful smishing operations can be executed using simple,…
'Delightful' root-access bug in Red Hat OpenShift AI allows full cluster takeover
A 9.9 out of 10 severity bug in Red Hat's OpenShift AI service could allow a remote attacker with minimal authentication to steal data,…
Cyber Brief 25-10 – September 2025
Cyber Brief (September 2025)October 1, 2025 - Version: 1TLP:CLEARExecutive summaryWe analysed 285 open source reports for this Cyber Security…
Broadcom Issues Patches for VMware NSX and vCenter Security Flaws
A set of substantial security updates for VMware NSX and vCenter has been released by Broadcom, addressing multiple high-severity…
CISA Warns of Cisco IOS and IOS XE SNMP Vulnerabilities Exploited in Attacks
Cisco’s Simple Network Management Protocol (SNMP) implementations in IOS and IOS XE have come under intense scrutiny following reports…
Red Hat Openshift AI Service Vulnerability Allow Attackers to Take Control of the Infrastructure
Red Hat published security advisory CVE-2025-10725, detailing an Important severity flaw in the OpenShift AI Service that could enable…
Too many Cisco ASA firewalls still unsecure despite zero-day attack alerts
Despite Cisco and various cybersecurity agencies warning about attackers actively exploting zero-day vulnerabilities (CVE-2025-20333 and…
48+ Cisco Firewalls Vulnerable to Actively Exploited 0-Day Vulnerability in the Wild
A critical zero-day vulnerability affecting thousands of Cisco firewalls is being actively exploited by threat actors in the wild. The…
OpenSSL Vulnerabilities Let Attackers Execute Malicious Code and Recover Private Key Remotely
The OpenSSL Project has released a critical security advisory, addressing three significant vulnerabilities that could allow attackers to…
CVE-2025-10725 (CVSS 9.9): Red Hat OpenShift AI Privilege Escalation Flaw Could Lead to Full Cluster Compromise
The Red Hat team has disclosed a serious in Red Hat OpenShift AI, a platform designed to build, deploy, and manage machine learning (ML)…
NVIDIA Patches Multi Flaws in Delegated License Service, Allows Unauthenticated Access and DoS
NVIDIA has issued a bulletin addressing multiple across the NVIDIA App for Windows and the Delegated License Service (DLS) component of the…
Apache Kylin Flaw: Authentication Bypass and SSRF Vulnerabilities Found in Big Data Platform
The Apache Software Foundation has published a new advisory disclosing three in Apache Kylin, a high-concurrency OLAP engine widely used for…
Backdoor Disguised as SOCKS5 Proxy: Malicious PyPI Package SoopSocks Grants Root Access
The of the open-source software supply chain was once again tested when JFrog’s research team uncovered a malicious package on PyPI. The…
Warnings about Cisco vulns under active exploit are falling on deaf ears
Nearly 50,000 Cisco ASA/FTD instances vulnerable to two bugs that are actively being exploited by "advanced" attackers remain exposed to the…
CISA Adds Five Actively Exploited Vulnerabilities to KEV Catalog
The threat landscape continues to evolve rapidly and staying ahead of actively exploited vulnerabilities is key to effective cybersecurity…
Achieving Crypto Agility Through eFPGA: A Prerequisite for Secure ASIC and SoC Designs
In an era where digital threats evolve daily and quantum computing looms on the horizon, the need for true crypto agility has never been more…
Chinese hackers exploiting VMware zero-day since October 2024
Broadcom has patched a high-severity privilege escalation vulnerability in its VMware Aria Operations and VMware Tools software, which has…
CISA Warns of Linux Sudo Vulnerability Actively Exploited in Attacks
CISA has issued an urgent advisory regarding a critical vulnerability in the Linux and Unix sudo utility CVE-2025-32463 that is currently…
Threat Actors Allegedly Listed Veeam RCE Exploit for Sale on Dark Web
Veeam Backup & Replication, a cornerstone of many enterprises’ data protection strategy, has reportedly become the focus of a new…
Apple Security Update Addresses Critical Font Parser Vulnerability Across Multiple Platforms
Apple has rolled out a series of important security updates across multiple platforms, addressing a vulnerability affecting the system font…
CISA warns of critical Linux Sudo flaw exploited in attacks
Hackers are actively exploiting a critical vulnerability (CVE-2025-32463) in the sudo package that enables the execution of commands with…
Hackers Actively Scanning to Exploit Palo Alto Networks PAN-OS Global Protect Vulnerability
Security researchers are observing a significant increase in internet-wide scans targeting the critical PAN-OS GlobalProtect vulnerability…
China-linked RedNovember Campaign Shows Importance of Patching Edge Devices
A long-running threat campaign linked to a Chinese state-sponsored cyber-espionage group highlights the importance of patching and protecting…
You name it, VMware elevates it (CVE-2025-41244)
On September 29th, 2025, Broadcom disclosed a local privilege escalation vulnerability, CVE-2025-41244, impacting VMware’s guest service…
Dutch Authorities Arrest Teens in Foreign Interference Case
Two 17-year-old boys have been arrested in the Netherlands on suspicion of involvement in espionage activities. Dutch media reported…
Akira ransomware: From SonicWall VPN login to encryption in under four hours
Four hours or less: that’s how long it takes for Akira affiliates to break into organizations and deploy the ransomware on their…
New TamperedChef Malware Leverages Productivity Tools to Gain Access and Exfiltrate Sensitive Data
A sophisticated malware campaign has emerged that weaponizes seemingly legitimate productivity tools to infiltrate systems and steal sensitive…
Data Is a Dish Best Served Fresh: “In the Wild” Versus Active Exploitation
The term “In the Wild” is broadly used to refer to any activity that has been observed outside of a controlled environment.…
WhatsApp 0-Click Vulnerability Exploited Using Malicious DNG File
WhatsApp 0-click remote code execution (RCE) vulnerability affecting Apple’s iOS, macOS, and iPadOS platforms, detailed with a proof of…
Vulnerability in CivetWeb software
CVE ID CVE-2025-9648 Publication date 29 September 2025 Vendor CivetWeb Product CivetWeb Vulnerable versions All before 1.08 Vulnerability…
SUSE Rancher Vulnerabilities Let Attackers Lockout the Administrators Account
A critical flaw in SUSE Rancher’s user management module allows privileged users to disrupt administrative access by modifying usernames…
SonicWall SSL VPN Attacks Escalate, Bypassing MFA
Security experts have warned of a surge in malicious activity from Akira ransomware actors targeted at victims running SonicWall SSL VPN…
Lesson From Cisco ASA 0-Day RCE Vulnerability That Actively Exploited In The Wild
The cybersecurity landscape experienced a significant escalation in September 2025, when Cisco disclosed multiple critical zero-day…
Formbricks Signature Verification Vulnerability Let Attackers Reset User Passwords Without Authorization
A critical security flaw discovered in Formbricks, an open-source experience management platform, demonstrates how missing JWT signature…
Notepad++ DLL Hijacking Vulnerability Let Attackers Execute Malicious Code
A newly discovered DLL hijacking vulnerability in Notepad++, the popular source code editor, could allow attackers to execute arbitrary code…
SUSE Rancher Security Team Patches Three Vulnerabilities in Rancher Manager
The SUSE Rancher Team has issued fixes for three affecting Rancher Manager, with severities ranging from Medium to High. These could lead to…
TamperedChef Malware Rises: Deceptive Apps Use Signed Binaries and SEO Poisoning to Hijack Browsers
Field Effect’s Threat Intelligence team has uncovered a new wave of the TamperedChef malware campaign, leveraging digitally signed…