cyber security
Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000
A threat actor known as #LongNight has reportedly put up for sale remote code execution (RCE) access to Burger King Spain’s backup system, leveraging vulnerabilities in the AhsayCBS platform.
Priced...
cyber security
Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier.
These flaws, when chained...
cyber security
NETGEAR Router Flaw Allows Full Admin Access by Attackers
A severe authentication bypass vulnerability (CVE-2025-4978) has been uncovered in NETGEAR’s DGND3700v2 wireless routers, enabling unauthenticated attackers to gain full administrative control over affected...
Apple
Apple XNU Kernel Flaw Enables Attackers to Escalate Privileges
Apple has released urgent security patches addressing CVE-2025-31219, a high-severity vulnerability in its XNU kernel that underpins macOS, iOS, iPadOS, tvOS, watchOS, and visionOS....
cyber security
Fortinet Zero-Day Under Attack: PoC Now Publicly Available
FortiGuard Labs released an urgent advisory detailing a critical vulnerability, CVE-2025-32756, affecting several Fortinet products, including FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice.
The vulnerability...
cyber security
Critical Vulnerability in Netwrix Password Manager Enables Authenticated Remote Code Execution
A critical security vulnerability has been discovered in Netwrix Password Secure, a widely used enterprise password management solution, potentially allowing authenticated attackers to execute...
cyber security
Cityworks Zero-Day Vulnerability Used by UAT-638 Hackers to Infect IIS Servers with Shell Malware
Cisco Talos has uncovered active exploitation of a zero-day remote-code-execution vulnerability, identified as CVE-2025-0994, in Cityworks, a widely used asset management system.
This critical flaw...
ChatGPT
Linux Kernel Zero-Day SMB Vulnerability Discovered via ChatGPT
A security researcher has discovered a zero-day vulnerability (CVE-2025-37899) in the Linux kernel's SMB server implementation using OpenAI's o3 language model.
The vulnerability, a use-after-free...
Cisco
Cisco Webex Meetings Vulnerability Enables HTTP Response Manipulation
Security researchers have uncovered a vulnerability in Cisco Webex Meetings that could allow remote attackers to manipulate HTTP responses without authentication.
The cloud-based vulnerability...
Cisco
Cisco Unified Intelligence Center Vulnerability Allows Privilege Escalation
Cisco has disclosed two security vulnerabilities in its Unified Intelligence Center that could allow authenticated remote attackers to escalate privileges.
The more severe flaw,...
cyber security
Versa Concerto 0-Day Flaw Enables Remote Code Execution by Bypassing Authentication
Security researchers have uncovered multiple critical vulnerabilities in Versa Concerto, a widely deployed network security and SD-WAN orchestration platform used by large enterprises, service...