⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More
The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons…
Unity Real-Time Development Platform Vulnerability Let Attackers Execute Arbitrary Code
Unity Technologies has issued a critical security advisory warning developers about a high-severity vulnerability affecting its widely used…
500X Surge in Scanning Targets Palo Alto and Cisco ASA
Enterprise security teams are on high alert after an extraordinary 500% spike in mass scanning activity was detected against Palo Alto…
Breaking Point: Storage & Backup Systems
Surging Cyber Threats: Actively Exploited Vulnerabilities in Storage and Backup Systems Enterprise storage and backup systems have become a…
Chinese-Speaking Cybercrime Group Hijacks IIS Servers for SEO Fraud
A Chinese-speaking cybercrime group is hijacking trusted Internet Information Services (IIS) worldwide to run SEO scams that redirect users to…
Yoast SEO Premium Flaw: Stored XSS Bug (CVE-2025-11241) Exposes Millions of WordPress Sites
A new has been disclosed in the widely used Yoast SEO Premium plugin for WordPress, potentially exposing millions of websites to cross-site…
Researcher Details Zero-Day Linux/Android Kernel Flaw (CVE-2025-38352)
researcher StreyPaws has published an in-depth analysis of CVE-2025-38352, a Time-of-Check to Time-of-Use (TOCTOU) race condition in the…
Chrome 141 Stable Channel Update Patches High-Severity Vulnerabilities (CVE-2025-11205 & CVE-2025-11206)
The Chrome team has announced the promotion of Chrome 141 to the Stable Channel for Windows, Mac, and Linux. The release—version…
Red Hat Openshift AI Service Vulnerability Allow Attackers to Take Control of the Infrastructure
Red Hat published security advisory CVE-2025-10725, detailing an Important severity flaw in the OpenShift AI Service that could enable…
CVE-2025-10725 (CVSS 9.9): Red Hat OpenShift AI Privilege Escalation Flaw Could Lead to Full Cluster Compromise
The Red Hat team has disclosed a serious in Red Hat OpenShift AI, a platform designed to build, deploy, and manage machine learning (ML)…
NVIDIA Patches Multi Flaws in Delegated License Service, Allows Unauthenticated Access and DoS
NVIDIA has issued a bulletin addressing multiple across the NVIDIA App for Windows and the Delegated License Service (DLS) component of the…
Apache Kylin Flaw: Authentication Bypass and SSRF Vulnerabilities Found in Big Data Platform
The Apache Software Foundation has published a new advisory disclosing three in Apache Kylin, a high-concurrency OLAP engine widely used for…
Achieving Crypto Agility Through eFPGA: A Prerequisite for Secure ASIC and SoC Designs
In an era where digital threats evolve daily and quantum computing looms on the horizon, the need for true crypto agility has never been more…
Chinese hackers exploiting VMware zero-day since October 2024
Broadcom has patched a high-severity privilege escalation vulnerability in its VMware Aria Operations and VMware Tools software, which has…
CISA Warns of Linux Sudo Vulnerability Actively Exploited in Attacks
CISA has issued an urgent advisory regarding a critical vulnerability in the Linux and Unix sudo utility CVE-2025-32463 that is currently…
Broadcom fixes high-severity VMware NSX bugs reported by NSA
Broadcom has released security updates to patch two high-severity VMware NSX vulnerabilities reported by the U.S. National Security Agency…
Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024
A newly patched security flaw impacting Broadcom VMware Tools and VMware Aria Operations has been exploited in the wild as a zero-day since…
You name it, VMware elevates it (CVE-2025-41244)
On September 29th, 2025, Broadcom disclosed a local privilege escalation vulnerability, CVE-2025-41244, impacting VMware’s guest service…
SUSE Rancher Vulnerabilities Let Attackers Lockout the Administrators Account
A critical flaw in SUSE Rancher’s user management module allows privileged users to disrupt administrative access by modifying usernames…
DLL Hijacking Flaw (CVE-2025-56383) Found in Notepad++, Allowing Arbitrary Code Execution, PoC Available
A newly disclosed in Notepad++ v8.8.3 has been assigned CVE-2025-56383. The , rated CVSS 6.5, allows attackers to hijack Notepad++’s DLL…
Prompt Injection and Model Poisoning: The New Plagues of AI Security
You wake up. Your AI wakes up. Somewhere, a stranger types a sentence, and your AI listens. This is not science fiction. This is the…
Cybersecurity Weekly – Chrome 0-Day, 22.2 Tbps DDOS Attack, Kali Linux Release, Cisco IOS 0-Day and More
This week in cybersecurity was marked by a relentless pace of critical disclosures and unprecedented attack volumes, underscoring the…
GitLab High-Severity Vulnerabilities Let Attackers Crash Instances
GitLab has disclosed multiple high-severity Denial-of-Service (DoS) vulnerabilities that could allow unauthenticated attackers to crash…
Agencies Around the Globe Urge Patching of Cisco ASA Bug Under Active Exploit
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 25-03 in response to an ongoing and severe…
CISA Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices
This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 25-03: Identify…
CISA Warns of Cisco Firewall 0-Day Vulnerabilities Actively Exploited in the Wild
CISA has issued an Emergency Directive mandating immediate action to mitigate two critical zero-day…
CTEM's Core: Prioritization and Validation
Despite a coordinated investment of time, effort, planning, and resources, even the most up-to-date cybersecurity systems continue to fail.…
Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More
Welcome to this week's Threatsday Bulletin—your Thursday check-in on the latest twists and turns in cybersecurity and hacking. The…
US Federal Agency Breached Via GeoServer Vulnerability
IntroductionIn September 2025, CISA confirmed that a major breach had impacted a US federal agency through the exploitation of a critical…
New Phishing Campaign Targets PyPI Maintainers with Fake Domain
The Python Package Index (PyPI) is once again the target of a phishing campaign aimed at maintainers, with attackers using domain confusion…
CVE-2025-41715 (CVSS 9.8): Unauthenticated Flaw Exposes WAGO Industrial Databases
VDE CERT has issued a security advisory disclosing two vulnerabilities in WAGO Device Sphere and WAGO Solution Builder, software widely used…
CVE-2025-23298: Getting Remote Code Execution in NVIDIA Merlin
While investigating the security posture of various machine learning (ML) and artificial intelligence (AI) frameworks, the Trend Micro Zero…
UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors
Companies in the legal services, software-as-a-service (SaaS) providers, Business Process Outsourcers (BPOs), and technology sectors in the…
Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models
Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the…
CISA Says Failure to Patch, Untested IRP, Silent EDR Alerts, Led to a Federal Agency Breach
CISA this week offered a rare window into a real-world breach at a U.S. federal civilian agency. Delays in patching, unexercised incident…
Federal Agency Compromised Via GeoServer Exploit, CISA Reveals
A federal agency was compromised last year after failures in vulnerability remediation, incident response and EDR log reviews, according to…
CISA says hackers breached federal agency using GeoServer exploit
CISA has revealed that attackers breached the network of an unnamed U.S. federal civilian executive branch (FCEB) agency last year after…
CVE-2025-59689: Libraesva ESG Command Injection Flaw Exploited in the Wild
Libraesva has released an urgent security advisory addressing a command injection vulnerability (CVE-2025-59689) in its Email Security Gateway…
Chrome Type Confusion 0-Day Vulnerability Code Analysis Released
Google Chrome’s V8 JavaScript engine has been compromised by a critical type confusion zero-day vulnerability, designated…
Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More
The security landscape now moves at a pace no patch cycle can match. Attackers aren't waiting for quarterly updates or monthly…
How to Gain Control of AI Agents and Non-Human Identities
We hear this a lot: "We've got hundreds of service accounts and AI agents running in the background. We didn't create most of them. We don't…
Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants
A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any…