cyber security
VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2
Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering critical vulnerabilities across major enterprise platforms and earning $435,000 in bounties.
The competition, now in...
cyber security
CISA Alerts on Five Active Zero-Day Windows Vulnerabilities Being Exploited
Cybersecurity professionals and network defenders, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five newly identified Windows 0-day vulnerabilities to its Known...
cyber security
CISA Alerts on Active Exploitation of Zero-Day Vulnerability in Multiple Fortinet Products
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding five zero-day vulnerabilities affecting multiple Fortinet products, after evidence emerged...
Chrome
Google Chrome Zero-Day Vulnerability (CVE-2025-4664) Actively Exploited in The Wild
Google has rolled out a fresh Stable Channel update for the Chrome browser across desktop platforms, including Windows, Mac, and Linux.
This update elevates...
cyber security
Chinese Hackers Exploit SAP NetWeaver Zero-Day Vulnerability to Target Critical Infrastructure
EclecticIQ analysts have uncovered a sophisticated cyber-espionage campaign orchestrated by China-nexus nation-state Advanced Persistent Threats (APTs) targeting critical infrastructure worldwide.
In April 2025, these threat...
cyber security
Windows CLFS Zero-Day Vulnerability Actively Exploited in the Wild
Microsoft has disclosed two critical security vulnerabilities in the Windows Common Log File System (CLFS) Driver that are currently being exploited in the wild....
cyber security
Windows Ancillary for WinSock 0-Day Vulnerability Actively Exploited to Gain Admin Access
Microsoft has confirmed active exploitation of a critical privilege escalation vulnerability in the Windows Ancillary Function Driver for WinSock, tracked as CVE-2025-32709.
This use-after-free...
cyber security
Critical 0-Day in Windows DWM Enables Privilege Escalation
Microsoft has disclosed a significant security vulnerability (CVE-2025-30400) affecting the Windows Desktop Window Manager (DWM) that is actively being exploited in the wild.
The...
cyber security
Attackers Leverage Unpatched Output Messenger 0‑Day to Deliver Malicious Payloads
A Türkiye-affiliated espionage threat actor, tracked by Microsoft Threat Intelligence as Marbled Dust (also known as Sea Turtle and UNC1326), has been exploiting a...
cyber security
Play Ransomware Deployed in the Wild Exploiting Windows 0-Day Vulnerability
Patched Windows zero-day vulnerability (CVE-2025-29824) in the Common Log File System (CLFS) driver was exploited in attacks linked to the Play ransomware operation prior...
Cyber Security News
Windows Deployment Services Hit by 0-Click UDP Flaw Leading to System Failures
A newly discovered pre-authentication denial-of-service (DoS) vulnerability in Microsoft’s Windows Deployment Services (WDS) exposes enterprise networks to instant system crashes via malicious UDP packets.
Dubbed a “0-click”...