Vulnerabilities

Sitecore Exploit Chain Links Cache Poisoning to RCE

New Vulnerabilities in Sitecore Experience Platform

Security researchers from watchTowr Labs have uncovered three critical vulnerabilities in the Sitecore Experience Platform. If exploited, these flaws could allow attackers to perform information disclosure and even achieve remote code execution (RCE) on targeted systems. The reported vulnerabilities include: Sitecore released patches for CVE-2025-53693 and CVE-2025-53691 in June […]

VS Code Flaw Lets Attackers Republish Deleted Extensions

Cybersecurity experts have uncovered a loophole in the Visual Studio Code (VS Code) Marketplace that allows attackers to reuse the names of extensions that were previously removed. The discovery was made by ReversingLabs, a software supply chain security company, after identifying a malicious extension named “ahbanC.shiba”. This extension behaved similarly to two earlier extensions –

Hidden Flaws in Project Tools and How FluentPro Backup Provides the Fix

Every day, countless businesses and project managers rely on platforms like Trello, Asana, Monday.com, and others to manage tasks and collaborate. But what happens when these trusted tools fail? According to a Statista report, the global average cost of a data breach is around $4.88 million. In 2024, the private data of over 15 million

Kea DHCP Vulnerability Enables Remote Crash Attack

A newly revealed security flaw in the ISC Kea DHCP server has raised serious concerns for organizations worldwide. Tracked as CVE-2025-40779, this vulnerability allows remote attackers to crash DHCPv4 services using a single specially crafted unicast packet, leading to potential large-scale network disruptions. Key Points Technical Details The flaw arises from an assertion failure in

CISA Issues Warning on Citrix NetScaler Zero-Day RCE Exploit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an urgent advisory about a newly discovered zero-day flaw in Citrix NetScaler appliances. The issue, tracked as CVE-2025-7775, is a memory overflow vulnerability that enables remote code execution (RCE). Reports confirm that threat actors are already exploiting this weakness, which led to its immediate addition

Critical Chrome Use After Free Vulnerability Enables Arbitrary Code Execution

Google has released an urgent security update for Chrome to fix a critical use-after-free (UAF) vulnerability (CVE-2025-9478) found in the ANGLE graphics library. This flaw could allow attackers to execute arbitrary code and potentially take over affected systems. The issue impacts Chrome versions earlier than 139.0.7258.154/.155 across Windows, macOS, and Linux. Discovery and Severity The

Securden Unified PAM Flaw Allows Attackers to Bypass Authentication

Cybersecurity experts have identified a severe security vulnerability in Securden Unified PAM, allowing attackers to fully bypass authentication and gain unauthorized access to sensitive credentials and system functions. The flaw, tracked as CVE-2025-53118 with a CVSS score of 9.4, is one of four major issues discovered in the privileged access management (PAM) platform that could

Docker Patches CVE-2025-9074 Critical Container Escape Vulnerability (CVSS 9.3)

Docker has rolled out security updates to fix a critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS. This flaw, rated 9.3 out of 10 on the CVSS scale, could allow attackers to escape container isolation and gain host-level access. The issue has been patched in Docker Desktop version 4.44.3. According to Docker’s security

CISA Alerts on Citrix RCE and Privilege Escalation Flaws Being Exploited

CISA has released a critical security advisory highlighting three recently discovered vulnerabilities that are actively targeted by attackers. On August 25, 2025, these high-risk Common Vulnerabilities and Exposures (CVEs) were added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog, signaling an urgent need for both government agencies and private organizations to act swiftly. Key Highlights Citrix

30,000+ IPs Used by Hackers to Scan and Exploit Microsoft Remote Desktop Protocol (RDP) Services

A large-scale coordinated campaign has been detected targeting Microsoft Remote Desktop Protocol (RDP) services, where attackers deployed more than 30,000 unique IP addresses to probe for weaknesses in RD Web Access and RDP Web Client authentication portals. Security analysts warn that this represents one of the largest RDP reconnaissance operations in recent years, suggesting that
