Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs
Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly…
September 2025 Patch Tuesday: Two Publicly Disclosed Zero-Days and Eight Critical Vulnerabilities Among 84 CVEs
Microsoft has addressed 84 vulnerabilities in its September 2025 security update release. This month’s patches address two publicly…
Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday
On September 2025 Patch Tuesday, Microsoft has released patches for 80+ vulnerabilities in its various software products, but the good news is…
Apple’s “Most Significant Upgrade” to iPhone Security Is Here
Ddos September 10, 2025 Apple Security Engineering and Architecture (SEAR) has unveiled Memory Integrity Enforcement (MIE), an always-on,…
Two Zero-Days Among Patch Tuesday CVEs This Month
Microsoft issued updates to fix 81 vulnerabilities in this month’s Patch Tuesday yesterday, including two classed as zero-days which…
Critical Microsoft Office Vulnerabilities Let Attackers Execute Malicious Code
Microsoft has released patches for two significant vulnerabilities in Microsoft Office that could allow attackers to execute malicious code on…
Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts
Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow…
Microsoft Patch Tuesday, September 2025 Edition
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no…
Microsoft Patch Tuesday September 2025 Fixes Risky Kernel Flaws
Three high-risk Windows kernel flaws were among the fixes included in Microsoft’s September 2025 Patch Tuesday updates released today.…
The September 2025 Security Update Review
There’s a crispness in the air – at least here in North America – and with it comes the latest security patches from Adobe…
Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days
Today is Microsoft’s September 2025 Patch Tuesday, which includes security updates for 81 flaws, including two publicly disclosed…
Microsoft September 2025 Patch Tuesday – 81 Vulnerabilities Fixed Including 22 RCE
Microsoft has released its September 2025 Patch Tuesday updates, addressing a total of 81 security vulnerabilities across its product suite.…
Critical Ivanti Endpoint Manager Vulnerabilities Let Attackers Execute Remote Code
Ivanti has released security updates to address two high-severity vulnerabilities in its Endpoint Manager (EPM) software that could allow…
Software Supply Chain Attacks
In today’s rapidly evolving business landscape, software supply chain attacks are becoming increasingly common—and more…
SAP Security Patch Day September 2025 – 21 Vulnerabilities and 4 Critical One’s Patched
As part of its scheduled security maintenance, SAP released its September 2025 Patch Day notes, addressing a total of 21 new vulnerabilities…
SAP Patch Tuesday: Key Vulnerabilities in September 2025
The September 2025 SAP Patch Tuesday brings a critical batch of security updates addressing a diverse portfolio of vulnerabilities across…
Chinese Salt Typhoon and UNC4841 Hackers Teamed Up to Attack Government and Corporate Infrastructure
Cybersecurity researchers began tracking a sophisticated campaign in the closing months of 2024, targeting both government and corporate…
CVE-2025-7350: Critical RCE Flaw in Rockwell Stratix Switches Scores CVSS 9.6
Ddos September 9, 2025 Rockwell Automation has issued a security advisory for a critical vulnerability in its Stratix industrial Ethernet…
⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More
Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams,…
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation
Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the…
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to…
Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack
Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September…
WhatsApp warns of 'attack against specific targeted users'
Infosec In brief A flaw in Meta’s WhatsApp app “may have been exploited in a sophisticated attack against specific targeted…
CVE-2025-8077 (CVSS 9.8): CRITICAL Flaw in NeuVector Exposes Kubernetes Clusters to Full Takeover
Ddos September 1, 2025 The SUSE Rancher Security Team has issued a critical security advisory for NeuVector, an open-source container security…
CVE-2024-58259: DoS Flaw in Rancher Manager Allows Unauthenticated Attackers to Crash Servers
Ddos September 1, 2025 The SUSE Rancher Security Team has issued a security advisory addressing a high-severity vulnerability in Rancher…
CVE-2025-8067: Linux Privilege Escalation Flaw Found in UDisks Daemon, PoC Releases
Ddos September 1, 2025 A security researcher has disclosed a serious flaw in the UDisks daemon, a widely used component for managing disks and…
Weekly Cybersecurity News Recap : WhatsApp, Chrome 0-Day, AI Ransomware and Cyber Attacks
Welcome to your Weekly Cybersecurity News Recap. This week, the digital world faced a fresh wave of threats, underscoring the relentless…
Week in review: 300k+ Plex Media Server instances still vulnerable to attack, exploited Git RCE flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 300k+ Plex Media Server…
Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling
Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint monitoring…
Critical Citrix 0-Day Vulnerability Exploited Since May, Leaving Global Entities Exposed
A critical zero-day vulnerability in Citrix NetScaler products, identified as CVE-2025-6543, has been actively exploited by threat actors…
QNAP Patches Critical Flaw (CVE-2025-52856) with CVSS 9.3
Ddos August 29, 2025 QNAP has released a security advisory addressing multiple vulnerabilities affecting the QVR firmware on legacy VioStor…
A Critical Zero-Click WhatsApp Flaw, CVE-2025-55177, Was Exploited in Zero-Day Attacks
Ddos August 29, 2025 Meta’s WhatsApp Security Team has patched a zero-day flaw (CVE-2025-55177) in WhatsApp for iOS (prior to…
Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution
Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information…
Citrix Netscaler 0-day RCE Vulnerability Patched – Vulnerable Instances Reduced from 28.2K to 12.4K
A significant global effort to patch a critical zero-day remote code execution (RCE) vulnerability in Citrix NetScaler devices has seen the…
State-Sponsored Hackers Behind Majority of Vulnerability Exploits
The majority (53%) of attributed vulnerability exploits in the first half 2025 were conducted by state-sponsored actors for strategic,…
FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available
The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that impacts…
Urgent CISA Alert on Citrix NetScaler
In August 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert regarding multiple critical security…
Thousands of Citrix NetScaler boxes still sitting ducks despite patches
Thousands of Citrix NetScaler appliances remain exposed to a trio of security flaws that the vendor patched this week, one of which is already…
Chinese Tech Firms Linked to Salt Typhoon Espionage Campaigns
The UK, US and partners from across the globe have released a new report on the notorious Chinese APT group Salt Typhoon, claiming it has…
CISA Publish Hunting and Mitigation Guide to Defend Networks from Chinese State-Sponsored Actors
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside the NSA, FBI, and a broad coalition of international partners, has…
Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks
The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion…
Global Salt Typhoon hacking campaigns linked to Chinese tech firms
The U.S. National Security Agency (NSA), the UK’s National Cyber Security Centre (NCSC), and partners from over a dozen countries have…