Vulnerabilities

TP-Link Fixes Four Security Bugs in Omada Gateways, Including Two Remote Code Execution Risks

TP-Link has issued security patches to fix four vulnerabilities affecting its Omada gateway devices. Among them are two critical flaws that could allow attackers to execute arbitrary code remotely. Overview of Vulnerabilities The identified vulnerabilities are as follows: According to TP-Link’s advisory published on Tuesday, “Attackers may execute arbitrary commands on the device’s underlying operating […]

TP-Link Fixes Four Security Bugs in Omada Gateways, Including Two Remote Code Execution Risks Read More »

CISA Adds Five Actively Exploited Vulnerabilities to Catalog Targeting Oracle and Microsoft

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. This update officially confirms that a newly disclosed flaw in Oracle E-Business Suite (EBS) has been weaponized in real-world attacks, posing serious risks to organizations using affected systems. Oracle E-Business Suite Flaws Under Attack

CISA Adds Five Actively Exploited Vulnerabilities to Catalog Targeting Oracle and Microsoft Read More »

North Korean Hackers Merge BeaverTail and OtterCookie into Sophisticated JavaScript Malware

North Korean hackers linked to the Contagious Interview campaign are enhancing their malicious tools by merging two major malware families, BeaverTail and OtterCookie. This evolution, observed by Cisco Talos, shows that the group is actively upgrading its capabilities and refining its JavaScript-based attack methods. Ongoing Campaign and New Findings According to Cisco Talos, the recent

North Korean Hackers Merge BeaverTail and OtterCookie into Sophisticated JavaScript Malware Read More »

Windows BitLocker Flaws Allow Attackers to Bypass Encryption Security

Microsoft has revealed two major security vulnerabilities in its Windows BitLocker encryption system that could let attackers with physical access bypass data protection and read encrypted files. The flaws, listed as CVE-2025-55338 and CVE-2025-55333, were disclosed on October 14, 2025, as part of Microsoft’s Patch Tuesday updates. Both issues are rated Important with a CVSS

Windows BitLocker Flaws Allow Attackers to Bypass Encryption Security Read More »

CISA Warns of Adobe AEM Vulnerability Rated CVSS 10.0 Under Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a severe security flaw affecting Adobe Experience Manager (AEM). The flaw, now listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, has been confirmed to be under active exploitation. With a CVSS score of 10.0, this bug represents the highest level of

CISA Warns of Adobe AEM Vulnerability Rated CVSS 10.0 Under Active Exploitation Read More »

Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code

Veeam has issued an urgent security update to fix several critical remote code execution (RCE) vulnerabilities affecting Veeam Backup & Replication version 12. These flaws could let authenticated domain users execute malicious code on backup servers and infrastructure hosts, posing a severe threat to organizations. Two of the most dangerous vulnerabilities specifically impact domain-joined installations

Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code Read More »

100+ VS Code Extensions Found Exposing Developers to Hidden Supply Chain Threats

Recent research has revealed that more than 100 Visual Studio Code (VS Code) extensions have inadvertently leaked access tokens, creating a critical risk in the software supply chain. Malicious actors could exploit these tokens to push updates to the extensions, potentially compromising developers’ systems. Critical Risk of Leaked Tokens According to Wiz security researcher Rami

100+ VS Code Extensions Found Exposing Developers to Hidden Supply Chain Threats Read More »

Attackers Exploit ICTBroadcast Cookie Flaw to Obtain Remote Shell Access

Cybersecurity researchers have reported an active exploitation of a serious security flaw in ICTBroadcast, the autodialer software developed by ICT Innovations. The vulnerability, tracked as CVE-2025-2611 and assigned a CVSS score of 9.3, arises from insufficient input validation. This flaw allows unauthenticated remote code execution, as the call center application improperly passes session cookie data

Attackers Exploit ICTBroadcast Cookie Flaw to Obtain Remote Shell Access Read More »

New SAP NetWeaver Vulnerability Allows Server Takeover Without Authentication

SAP has released updates addressing 13 security flaws, with special focus on a critical vulnerability in SAP NetWeaver AS Java that could allow attackers to execute arbitrary commands. Tracked as CVE-2025-42944, this flaw has a CVSS score of 10.0, making it highly severe. Security experts classify it as an insecure deserialization issue. According to CVE.org,

New SAP NetWeaver Vulnerability Allows Server Takeover Without Authentication Read More »

Two Critical Red Lion RTU Flaws Rated CVSS 10.0 Could Give Hackers Full Industrial Control

Cybersecurity researchers have disclosed two severe vulnerabilities in Red Lion Sixnet remote terminal units, RTUs, that together can allow unauthenticated attackers to gain root level code execution on affected devices. The issues, tracked as CVE-2023-40151 and CVE-2023-42770, carry the maximum CVSS score, 10.0, highlighting the high risk to industrial control systems across energy, water, transportation,

Two Critical Red Lion RTU Flaws Rated CVSS 10.0 Could Give Hackers Full Industrial Control Read More »