Google Chrome Patches Critical Security Flaws in September 2025 Update
In early September 2025, Google released an important security update for its Chrome browser—version 140.0.7339.127—to patch two…
Microsoft Windows Defender Privilege Escalation Flaws
It was an uneventful Patch Tuesday—until the headlines hit. Security feeds and vuln catalogs started buzzing: The Microsoft Windows…
PyInstaller Flaw : Are Your Python Apps Vulnerable to Hijacking?
Ddos September 12, 2025 The PyInstaller project has released fixes for a local privilege escalation vulnerability that affected applications…
Palo Alto Networks User-ID Credential Agent Vulnerability Exposes password In Cleartext
A newly disclosed vulnerability in Palo Alto Networks’ User-ID Credential Agent for Windows, identified as CVE-2025-4235, could…
Chinese APT Actor Compromises Military Firm with Novel Fileless Malware Toolset
A Chinese APT group has compromised a Philippines-based military firm using a novel, sophisticated fileless malware framework dubbed…
NVIDIA NVDebug Tool Vulnerability Let Attackers Escalate Privileges
NVIDIA has released a security update for its NVDebug tool to address three high-severity vulnerabilities that could allow an…
High-Severity Flaws in Sunshine for Windows Allow Privilege Escalation
The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of two critical local security flaws affecting Sunshine for…
Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems
An advanced persistent threat (APT) group from China has been attributed to the compromise of a Philippines-based military company using a…
Microsoft fixes app install issues caused by August Windows updates
Microsoft has fixed a known issue caused by the August 2025 security updates, which triggers unexpected User Account Control (UAC) prompts and…
Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs
Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly…
Microsoft Warns of Active Directory Domain Services Vulnerability, Let Attackers Escalate Privileges
Microsoft has issued an updated warning for a critical security vulnerability in Active Directory Domain Services, tracked as CVE-2025-21293.…
Two Zero-Days Among Patch Tuesday CVEs This Month
Microsoft issued updates to fix 81 vulnerabilities in this month’s Patch Tuesday yesterday, including two classed as zero-days which…
Windows BitLocker Vulnerability Let Attackers Elevate Privileges
Microsoft has addressed two significant elevation of privilege vulnerabilities affecting its Windows BitLocker encryption feature. The flaws,…
Microsoft Patch Tuesday, September 2025 Edition
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no…
Microsoft Patch Tuesday September 2025 Fixes Risky Kernel Flaws
Three high-risk Windows kernel flaws were among the fixes included in Microsoft’s September 2025 Patch Tuesday updates released today.…
The September 2025 Security Update Review
There’s a crispness in the air – at least here in North America – and with it comes the latest security patches from Adobe…
Microsoft September 2025 Patch Tuesday – 81 Vulnerabilities Fixed Including 22 RCE
Microsoft has released its September 2025 Patch Tuesday updates, addressing a total of 81 security vulnerabilities across its product suite.…
Adobe patches critical SessionReaper flaw in Magento eCommerce platform
Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call…
Zoom Security Update – Patch for Multiple Vulnerabilities in Clients for Windows and macOS
Zoom released a security update addressing multiple vulnerabilities in its software, including Zoom Workplace and various clients for Windows…
SAP Patch Tuesday: Key Vulnerabilities in September 2025
The September 2025 SAP Patch Tuesday brings a critical batch of security updates addressing a diverse portfolio of vulnerabilities across…
Remote Access Abuse Biggest Pre-Ransomware Indicator
Abuses of remote access software and services are the most common ‘pre-ransomware’ indicators, according to new research from…
⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More
Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams,…
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation
Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the…
GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to…
Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack
Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September…
Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware
The threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog…
CVE-2025-8067: Linux Privilege Escalation Flaw Found in UDisks Daemon, PoC Releases
Ddos September 1, 2025 A security researcher has disclosed a serious flaw in the UDisks daemon, a widely used component for managing disks and…
BadSuccessor (CVE-2025-53779) Technique Persists Despite Microsoft Patch
Ddos August 30, 2025 At DEF CON 2025, Akamai security researcher Yuval Gordon revealed the story of BadSuccessor (CVE-2025-53779), an Active…
BadSuccessor Post-Patch: Leveraging dMSAs for Credential Acquisition and Lateral Movement in Active Directory
Microsoft’s recent patch for the BadSuccessor vulnerability (CVE-2025-53779) has successfully closed the direct privilege escalation…
CISA Publish Hunting and Mitigation Guide to Defend Networks from Chinese State-Sponsored Actors
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside the NSA, FBI, and a broad coalition of international partners, has…
Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks
The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion…
Global Salt Typhoon hacking campaigns linked to Chinese tech firms
The U.S. National Security Agency (NSA), the UK’s National Cyber Security Centre (NCSC), and partners from over a dozen countries have…
NVIDIA NeMo AI Curator Enables Code Execution and Privilege Escalation
NVIDIA has issued a critical security bulletin addressing a high-severity vulnerability in its NeMo Curator platform that could allow…
AI-Driven Trends in Endpoint Security: What the 2025 Gartner® Magic Quadrant™ Reveals
Cyber threats and attacks like ransomware continue to increase in volume and complexity with the endpoint typically being the most sought…
Securing the AI Revolution: Introducing Cloudflare MCP Server Portals
2025-08-26 6 min read Securing the AI Revolution: Introducing Cloudflare MCP Server Portals Large Language Models (LLMs) are rapidly evolving…
CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws impacting Citrix Session Recording and…
Defending against malware persistence techniques with Wazuh
Malware persistence techniques enable attackers to maintain access to compromised endpoints despite system reboots, credential changes, or…
Ten Years of Resilience, Innovation & Community-Driven Defense
The world of cybersecurity has been a wild ride over the last decade. As attackers stepped up their game year over year, the security…
Critical Tableau Server Vulnerability Let Attackers Upload Malicious Files
A critical security flaw in Tableau Server could enable attackers to upload and execute malicious files, potentially leading to complete…
August 2025 Patch Tuesday: One Publicly Disclosed Zero-Day and 13 Critical Vulnerabilities Among 107 CVEs
Microsoft has addressed 107 vulnerabilities in its August 2025 security update release. This month’s patches include fixes for one…
Weekly Cybersecurity News Recap : Apple 0-day, Chrome, Copilot Vulnerabilities and Cyber Attacks
This past week was packed with high-severity disclosures and active exploitation reports across the global threat landscape. At the forefront,…
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
Cybersecurity researchers have lifted the lid on the threat actors’ exploitation of a now-patched security flaw in Microsoft Windows to…