cyber security
VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2
Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering critical vulnerabilities across major enterprise platforms and earning $435,000 in bounties.
The competition, now in...
cyber security
Ivanti Endpoint Manager Vulnerabilities Allow Unauthenticated Remote Code Execution
A critical vulnerability chain in Ivanti Endpoint Manager Mobile (EPMM) has exposed enterprise mobile device management systems to pre-authenticated remote code execution (RCE) attacks.
The...
cyber security
Jenkins Released Security Updates – Multiple Vulnerabilities Fixed That Allow Attackers to Exploit CI/CD Pipelines
Jenkins, the widely used automation server for CI/CD pipelines, has released a critical security advisory addressing several vulnerabilities in popular plugins.
These flaws, ranging from...
cyber security
CISA Alerts on Five Active Zero-Day Windows Vulnerabilities Being Exploited
Cybersecurity professionals and network defenders, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five newly identified Windows 0-day vulnerabilities to its Known...
cyber security
Russian Hackers Exploit XSS Vulnerabilities to Inject Malicious Code into Email Servers
A sophisticated cyberespionage campaign, dubbed Operation RoundPress, has been uncovered by cybersecurity researchers at ESET.
Attributed with medium confidence to the Russian-linked Sednit group, also...
cyber security
Critical Microsoft Office Vulnerabilities Enable Malicious Code Execution
Microsoft has addressed three critical security flaws in its Office suite, including two vulnerabilities rated Critical and one Important, all enabling remote code execution...
cyber security
Repeated Firmware Key-Management Failures Undermine Intel Boot Guard and UEFI Secure Boot
The security of fundamental technologies like Intel Boot Guard and UEFI Secure Boot has been seriously questioned due to persistent cryptographic key management issues...
Cyber Security News
Google Researchers Use Mach IPC to Uncover Sandbox Escape Vulnerabilities
Google Project Zero researchers have uncovered new sandbox escape vulnerabilities in macOS using an innovative approach that leverages Mach Interprocess Communication (IPC) mechanisms, core components...
Azure
Critical Azure and Power Apps Vulnerabilities Allow Attackers to Exploit RCE
Microsoft has patched four critical security vulnerabilities affecting its Azure cloud services and Power Apps platform that could allow attackers to escalate privileges, perform...
cyber security
Threat Actors Target Job Seekers with Three New Unique Adversaries
Netcraft has uncovered a sharp rise in recruitment scams in 2024, driven by three distinct threat actors employing unique and highly technical strategies to...
CVE/vulnerability
SysAid ITSM Vulnerabilities Enable Pre-Auth Remote Command Execution
Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution, enabling unauthenticated attackers to execute remote commands by exploiting several...