Zero-Day

Linux Kernel ksmbd Filesystem Flaw Exploited, Proof of Concept Released

Security researchers have published a full proof-of-concept exploit for a serious vulnerability in the Linux kernel ksmbd module, showing a reliable route to local privilege escalation. The issue, tracked as CVE-2025-37947, is an out-of-bounds write that an authenticated local user can abuse to gain full root control on affected systems. What the bug is, and […]

Linux Kernel ksmbd Filesystem Flaw Exploited, Proof of Concept Released Read More »

Proof of Concept Exploit Released for Nothing Phone Remote Code Execution Vulnerability

A proof of concept exploit, called Fenrir and published by researcher R0rt1z2, has been released for a critical weakness in the secure boot chain used by the Nothing Phone (2a) and CMF Phone 1, and likely present in other devices using MediaTek system on chips. The exploit lets an attacker run code at the highest

Proof of Concept Exploit Released for Nothing Phone Remote Code Execution Vulnerability Read More »

Critical Figma MCP Flaw Allows Remote Code Execution, Users Urged to Patch Immediately

A serious security flaw has been discovered in the figma-developer-mcp (Model Context Protocol) server, which could allow attackers to execute arbitrary code remotely. Although the issue has now been patched, experts are warning users to update immediately to prevent exploitation. Details of the Vulnerability The vulnerability, tracked as CVE-2025-53967 with a CVSS score of 7.5,

Critical Figma MCP Flaw Allows Remote Code Execution, Users Urged to Patch Immediately Read More »

13-Year-Old Critical Redis RCE Flaw Allowed Attackers Full Host Access

A newly uncovered remote code execution (RCE) flaw in Redis, known as RediShell, has revealed that attackers could gain complete control over the host system. The issue, tracked as CVE-2025-49844, was discovered by Wiz Research and carries the maximum CVSS score of 10.0, placing it among the most critical security threats identified to date. The

13-Year-Old Critical Redis RCE Flaw Allowed Attackers Full Host Access Read More »

Google Chrome RCE Flaw Disclosed, Exploit Code Published

Researchers have published full technical details and proof-of-concept exploit code for a critical remote code execution, RCE, vulnerability in Google Chrome’s V8 JavaScript engine. The bug stems from a WebAssembly type canonicalization regression that creates nullability confusion, and a separate JavaScript Promise Integration, JSPI, state-switching weakness that enables a novel sandbox bypass. This article explains

Google Chrome RCE Flaw Disclosed, Exploit Code Published Read More »

CISA Warns Meteobridge CVE-2025-4008 Vulnerability Is Actively Exploited

Security firm ONEKEY, which discovered and reported the flaw in February 2025, explained that the Meteobridge web application, built using CGI shell scripts and C, exposes a script called template.cgi through the /cgi-bin/template.cgi directory. This script’s insecure use of eval makes it possible for attackers to inject malicious commands through specially crafted requests. For instance,

CISA Warns Meteobridge CVE-2025-4008 Vulnerability Is Actively Exploited Read More »

China-Linked Hackers Exploit New VMware Zero-Day Active Since October 2024

A critical security flaw in Broadcom VMware Tools and VMware Aria Operations has been actively exploited since October 2024. According to cybersecurity researchers at NVISO Labs, the attacks are linked to a China-based hacking group tracked as UNC5174 (also known as Uteus or Uetus). The bug, identified as CVE-2025-41244 with a CVSS score of 7.8,

China-Linked Hackers Exploit New VMware Zero-Day Active Since October 2024 Read More »

Fortra GoAnywhere CVSS 10 Vulnerability Exploited as Zero-Day Before Disclosure

Cybersecurity firm watchTowr Labs has revealed that attackers began exploiting a severe flaw in Fortra GoAnywhere Managed File Transfer (MFT) software as early as September 10, 2025, a full week before it was publicly disclosed. According to Benjamin Harris, CEO and Founder of watchTowr, this is not simply a CVSS 10.0 vulnerability in software often

Fortra GoAnywhere CVSS 10 Vulnerability Exploited as Zero-Day Before Disclosure Read More »

Cisco ASA Firewall Zero-Day Exploits Deliver RayInitiator and LINE VIPER Malware

The U.K. National Cyber Security Centre (NCSC) and Cisco have confirmed active exploitation of recently disclosed vulnerabilities in Cisco ASA firewalls to deploy highly persistent and evasive malware families, called RayInitiator and LINE VIPER. The campaign, attributed to a cluster named ArcaneDoor and linked to UAT4356 (aka Storm-1849), targets ASA 5500-X Series appliances, and in

Cisco ASA Firewall Zero-Day Exploits Deliver RayInitiator and LINE VIPER Malware Read More »

add a heading (1)

PoC Exploit and Technical Analysis Published for Apple Zero-Day RCE Vulnerability

A newly disclosed critical zero-click exploit (CVE-2025-43300) poses a serious threat to Apple devices. The flaw exists in Apple’s RawCamera.bundle, specifically within the JPEG Lossless Decompression implementation, and allows attackers to execute arbitrary code by sending maliciously crafted DNG (Digital Negative) files. What makes this vulnerability alarming is that no user interaction is required. Simply

PoC Exploit and Technical Analysis Published for Apple Zero-Day RCE Vulnerability Read More »