Monday, June 16, 2025

Vulnerability

Multiple QNAP Flaws Allow Remote Attackers to Hijack User Accounts

QNAP has issued a security advisory warning users of Qsync Central about two critical vulnerabilities that could allow attackers to access sensitive data or...

Jenkins Gatling Plugin Flaw Allows CSP Bypass, Exposing Systems to Attack

On June 6, 2025, the Jenkins Project issued a security advisory (SECURITY-3588 / CVE-2025-5806) affecting the Gatling Plugin, a widely used tool for displaying...

Critical Salesforce Vulnerability Exposes Global Users to SOQL Injection Attacks

In June 2025, a security researcher uncovered a critical SOQL (Salesforce Object Query Language) injection vulnerability in a default Salesforce Aura controller, affecting potentially...

Critical RCE Vulnerability in AWS Amplify Studio – PoC Now Public

In May 2025, AWS disclosed a critical remote code execution (RCE) vulnerability, CVE-2025-4318, in the @aws-amplify/codegen-ui package—a core dependency for AWS Amplify Studio’s UI...

Critical FreeRTOS-Plus-TCP Flaw Allows Code Execution or System Crash

A critical memory corruption vulnerability, tracked as CVE-2025-5688, has been disclosed in FreeRTOS-Plus-TCP, Amazon’s open-source TCP/IP stack widely used in embedded and IoT devices....

Critical RCE Flaw Found in HPE Insight Remote Support Tool

Hewlett Packard Enterprise (HPE) has released a critical security bulletin addressing multiple high-impact vulnerabilities in its Insight Remote Support (IRS) software, versions prior to 7.15.0.646....

PoC Exploit Released for Apache Tomcat DoS Vulnerability

A critical memory leak vulnerability in Apache Tomcat’s HTTP/2 implementation (CVE-2025-31650) has been weaponized, enabling unauthenticated denial-of-service attacks through malformed priority headers. The flaw...

Hackers Exploit Roundcube Vulnerability to Steal User Credentials via XSS Attack

A recent spearphishing campaign targeting Polish entities has been attributed with high confidence to the UNC1151 threat actor, a group linked to Belarusian state...