Vulnerabilities

Google Chrome RCE Flaw Disclosed, Exploit Code Published

Researchers have published full technical details and proof-of-concept exploit code for a critical remote code execution, RCE, vulnerability in Google Chrome’s V8 JavaScript engine. The bug stems from a WebAssembly type canonicalization regression that creates nullability confusion, and a separate JavaScript Promise Integration, JSPI, state-switching weakness that enables a novel sandbox bypass. This article explains […]

Google Chrome RCE Flaw Disclosed, Exploit Code Published Read More »

PoC Released for Sudo Vulnerability Allowing Attackers to Gain Root Access

A public proof-of-concept, PoC, has been published for CVE-2025-32463, a local privilege escalation flaw in the Sudo utility that can allow a local attacker to gain root privileges under certain configurations. Security researcher Rich Mirch discovered the issue, and a working exploit plus usage instructions are available in an open GitHub repository, increasing the pressure

PoC Released for Sudo Vulnerability Allowing Attackers to Gain Root Access Read More »

Oracle Issues Urgent Patch for CVE-2025-61882 Exploited by Cl0p in Data Theft Attacks

Oracle has released an emergency patch to address a serious security vulnerability in its E-Business Suite. The flaw, identified as CVE-2025-61882 with a CVSS score of 9.8, has already been actively exploited in data theft campaigns carried out by the Cl0p ransomware group. Details of the Vulnerability The issue lies in the Oracle Concurrent Processing

Oracle Issues Urgent Patch for CVE-2025-61882 Exploited by Cl0p in Data Theft Attacks Read More »

CISA Warns Meteobridge CVE-2025-4008 Vulnerability Is Actively Exploited

Security firm ONEKEY, which discovered and reported the flaw in February 2025, explained that the Meteobridge web application, built using CGI shell scripts and C, exposes a script called template.cgi through the /cgi-bin/template.cgi directory. This script’s insecure use of eval makes it possible for attackers to inject malicious commands through specially crafted requests. For instance,

CISA Warns Meteobridge CVE-2025-4008 Vulnerability Is Actively Exploited Read More »

$50 Battering RAM Attack Breaks Intel, AMD Cloud Security Protections

The researchers describe a simple interposer, which can be assembled for about $50, that sits between the processor and the DDR4 memory modules. During system start, the interposer remains transparent and passes all integrity and trust checks. At runtime, however, the device can be flipped into an active mode, where it stealthily remaps physical addresses

$50 Battering RAM Attack Breaks Intel, AMD Cloud Security Protections Read More »

Cisco ASA Firewall Zero-Day Exploits Deliver RayInitiator and LINE VIPER Malware

The U.K. National Cyber Security Centre (NCSC) and Cisco have confirmed active exploitation of recently disclosed vulnerabilities in Cisco ASA firewalls to deploy highly persistent and evasive malware families, called RayInitiator and LINE VIPER. The campaign, attributed to a cluster named ArcaneDoor and linked to UAT4356 (aka Storm-1849), targets ASA 5500-X Series appliances, and in

Cisco ASA Firewall Zero-Day Exploits Deliver RayInitiator and LINE VIPER Malware Read More »

Microsoft Patches Entra ID Security Flaw Allowing Cross-Tenant Global Admin Impersonation

Summary, a critical token validation failure in Microsoft Entra ID, formerly Azure Active Directory, could have let attackers impersonate any user, including Global Administrators, across tenants. The flaw, tracked as CVE-2025-55241, received a CVSS score of 10.0, and Microsoft describes it as a privilege escalation issue in Entra ID. Microsoft fixed the problem on July

Microsoft Patches Entra ID Security Flaw Allowing Cross-Tenant Global Admin Impersonation Read More »

CISA Warns Of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 And CVE-2025-4428

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a detailed advisory highlighting the discovery of two different malware strains that exploited security flaws in Ivanti Endpoint Manager Mobile (EPMM). The malicious activity was identified inside the network of an unnamed organization, where attackers leveraged vulnerabilities CVE-2025-4427 and CVE-2025-4428 to compromise systems. How the

CISA Warns Of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 And CVE-2025-4428 Read More »

CISA warns of active exploitation of critical CVE-2025-5086 in DELMIA Apriso

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new critical vulnerability, CVE-2025-5086, to its Known Exploited Vulnerabilities (KEV) catalog after confirming evidence of active attacks targeting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software. Details of the Vulnerability The flaw, rated CVSS 9.0 (critical), affects DELMIA Apriso versions from Release 2020

CISA warns of active exploitation of critical CVE-2025-5086 in DELMIA Apriso Read More »

CISA Mandates Urgent Patching of Critical Sitecore Vulnerability Under Active Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has directed Federal Civilian Executive Branch (FCEB) agencies to urgently patch their Sitecore systems by September 25, 2025, after confirming that a critical flaw is actively being exploited. Details of the Vulnerability The flaw, tracked as CVE-2025-53690, holds a CVSS score of 9.0, marking it as highly

CISA Mandates Urgent Patching of Critical Sitecore Vulnerability Under Active Attack Read More »