Vulnerabilities

SAP S/4HANA Critical Flaw CVE-2025-42957 Actively Exploited in the Wild

A severe security flaw has been discovered in SAP S/4HANA, the widely used Enterprise Resource Planning (ERP) platform. The vulnerability, identified as CVE-2025-42957 with a CVSS score of 9.9, is currently being exploited in real-world attacks. Vulnerability Details: This is a command injection vulnerability that affects the function module exposed through Remote Function Calls (RFC). […]


Apache DolphinScheduler Default Permissions Vulnerability Patched, Update Immediately

A serious security flaw has been patched in Apache DolphinScheduler, a widely used open-source workflow scheduling platform. The Apache Software Foundation is urging all users to update immediately, as the vulnerability exposes systems to unauthorized access and data compromise. Nature of the Vulnerability: The issue stems from overly permissive default settings in DolphinScheduler. During the


CISA Alerts on Critical SunPower Vulnerability Allowing Attackers Full Device Access

The Cybersecurity and Infrastructure Security Agency (CISA) has released a high-priority security advisory concerning a critical flaw in SunPower PVS6 solar monitoring devices. This weakness, registered as CVE-2025-9696, could give cyber attackers full administrative control over affected systems, creating serious risks for solar energy infrastructure across the globe. Overview of the Vulnerability: The flaw arises


CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

CISA Flags TP-Link and WhatsApp Flaws in KEV Catalog Amid Ongoing Exploitation: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added two newly discovered vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations about the growing risk of active exploitation. These flaws impact TP-Link TL-WA855RE Wi-Fi Range Extenders and the



Sitecore Exploit Chain Links Cache Poisoning to RCE

New Vulnerabilities in Sitecore Experience Platform: Security researchers from watchTowr Labs have uncovered three critical vulnerabilities in the Sitecore Experience Platform. If exploited, these flaws could allow attackers to perform information disclosure and even achieve remote code execution (RCE) on targeted systems. The reported vulnerabilities include: Sitecore released patches for CVE-2025-53693 and CVE-2025-53691 in June



VS Code Flaw Lets Attackers Republish Deleted Extensions

Cybersecurity experts have uncovered a loophole in the Visual Studio Code (VS Code) Marketplace that allows attackers to reuse the names of extensions that were previously removed. The discovery was made by ReversingLabs, a software supply chain security company, after identifying a malicious extension named “ahbanC.shiba”. This extension behaved similarly to two earlier extensions –



Hidden Flaws in Project Tools and How FluentPro Backup Provides the Fix

Every day, countless businesses and project managers rely on platforms like Trello, Asana, Monday.com, and others to manage tasks and collaborate. But what happens when these trusted tools fail? According to a Statista report, the global average cost of a data breach is around $4.88 million. In 2024, the private data of over 15 million



Kea DHCP Vulnerability Enables Remote Crash Attack

A newly revealed security flaw in the ISC Kea DHCP server has raised serious concerns for organizations worldwide. Tracked as CVE-2025-40779, this vulnerability allows remote attackers to crash DHCPv4 services using a single specially crafted unicast packet, leading to potential large-scale network disruptions. Key Points. Technical Details: The flaw arises from an assertion failure in



CISA Issues Warning on Citrix NetScaler Zero-Day RCE Exploit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an urgent advisory about a newly discovered zero-day flaw in Citrix NetScaler appliances. The issue, tracked as CVE-2025-7775, is a memory overflow vulnerability that enables remote code execution (RCE). Reports confirm that threat actors are already exploiting this weakness, which led to its immediate addition



Critical Chrome Use After Free Vulnerability Enables Arbitrary Code Execution

Google has released an urgent security update for Chrome to fix a critical use-after-free (UAF) vulnerability (CVE-2025-9478) found in the ANGLE graphics library. This flaw could allow attackers to execute arbitrary code and potentially take over affected systems. The issue impacts Chrome versions earlier than 139.0.7258.154/.155 across Windows, macOS, and Linux. Discovery and Severity: The
