Vulnerabilities

CISA Warns of Adobe AEM Vulnerability Rated CVSS 10.0 Under Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a severe security flaw affecting Adobe Experience Manager (AEM). The flaw, now listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, has been confirmed to be under active exploitation. With a CVSS score of 10.0, this bug represents the highest level of […]

CISA Warns of Adobe AEM Vulnerability Rated CVSS 10.0 Under Active Exploitation Read More »

Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code

Veeam has issued an urgent security update to fix several critical remote code execution (RCE) vulnerabilities affecting Veeam Backup & Replication version 12. These flaws could let authenticated domain users execute malicious code on backup servers and infrastructure hosts, posing a severe threat to organizations. Two of the most dangerous vulnerabilities specifically impact domain-joined installations

Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code Read More »

100+ VS Code Extensions Found Exposing Developers to Hidden Supply Chain Threats

Recent research has revealed that more than 100 Visual Studio Code (VS Code) extensions have inadvertently leaked access tokens, creating a critical risk in the software supply chain. Malicious actors could exploit these tokens to push updates to the extensions, potentially compromising developers’ systems. Critical Risk of Leaked Tokens According to Wiz security researcher Rami

100+ VS Code Extensions Found Exposing Developers to Hidden Supply Chain Threats Read More »

Attackers Exploit ICTBroadcast Cookie Flaw to Obtain Remote Shell Access

Cybersecurity researchers have reported an active exploitation of a serious security flaw in ICTBroadcast, the autodialer software developed by ICT Innovations. The vulnerability, tracked as CVE-2025-2611 and assigned a CVSS score of 9.3, arises from insufficient input validation. This flaw allows unauthenticated remote code execution, as the call center application improperly passes session cookie data

Attackers Exploit ICTBroadcast Cookie Flaw to Obtain Remote Shell Access Read More »

New SAP NetWeaver Vulnerability Allows Server Takeover Without Authentication

SAP has released updates addressing 13 security flaws, with special focus on a critical vulnerability in SAP NetWeaver AS Java that could allow attackers to execute arbitrary commands. Tracked as CVE-2025-42944, this flaw has a CVSS score of 10.0, making it highly severe. Security experts classify it as an insecure deserialization issue. According to CVE.org,

New SAP NetWeaver Vulnerability Allows Server Takeover Without Authentication Read More »

Two Critical Red Lion RTU Flaws Rated CVSS 10.0 Could Give Hackers Full Industrial Control

Cybersecurity researchers have disclosed two severe vulnerabilities in Red Lion Sixnet remote terminal units, RTUs, that together can allow unauthenticated attackers to gain root level code execution on affected devices. The issues, tracked as CVE-2023-40151 and CVE-2023-42770, carry the maximum CVSS score, 10.0, highlighting the high risk to industrial control systems across energy, water, transportation,

Two Critical Red Lion RTU Flaws Rated CVSS 10.0 Could Give Hackers Full Industrial Control Read More »

Chinese Hackers Employ Geo Mapping Tool to Maintain Year Long Persistence

Researchers have discovered that the China-backed advanced persistent threat (APT) group Flax Typhoon maintained long-term access to a geographic information system (ArcGIS) by exploiting trusted software components. Instead of using traditional malware, the attackers converted a legitimate software extension into a persistent backdoor, forcing even the vendor to update its documentation. Turning Legitimate Software into

Chinese Hackers Employ Geo Mapping Tool to Maintain Year Long Persistence Read More »

Chrome Use-After-Free Vulnerability Enables Remote Code Execution

Google has released an urgent security update for its Chrome browser after identifying a high-severity use-after-free vulnerability that could allow attackers to execute arbitrary code on users’ devices. This flaw, if exploited, could let hackers take full control of a system simply through a malicious website visit, making it critical for users to update immediately.

Chrome Use-After-Free Vulnerability Enables Remote Code Execution Read More »

Active Exploitation of Windows Remote Access Connection Manager 0-Day Vulnerability

Microsoft has issued a serious warning after confirming that a newly discovered zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service is being actively exploited in real-world attacks. The flaw allows threat actors to gain SYSTEM-level privileges, giving them complete control over the targeted machine. This vulnerability, tracked as CVE-2025-59230, is considered a

Active Exploitation of Windows Remote Access Connection Manager 0-Day Vulnerability Read More »

FortiPAM and FortiSwitch Manager Flaws Allow Attackers to Bypass Authentication

Fortinet has released an urgent security advisory about a critical vulnerability affecting FortiPAM and FortiSwitch Manager. The flaw could allow threat actors to completely bypass authentication mechanisms by using brute-force attack methods, giving them potential access to sensitive systems. Technical Details This vulnerability, tracked as CVE-2025-49201, results from a weak authentication mechanism in the Web

FortiPAM and FortiSwitch Manager Flaws Allow Attackers to Bypass Authentication Read More »