Zero-Day

Hackers Exploit 34 Zero-Day Flaws and Earn $522,500 at Pwn2Own Ireland 2025

The first day of Pwn2Own Ireland 2025 concluded with remarkable results, as security researchers discovered 34 distinct zero-day vulnerabilities across a variety of smart devices. Every single exploit attempt succeeded, resulting in a total prize payout of $522,500. The event, taking place in Cork, Ireland, from October 21 to 24, brings together elite hackers to […]

Hackers Exploit 34 Zero-Day Flaws and Earn $522,500 at Pwn2Own Ireland 2025 Read More »

CISA Adds Five Actively Exploited Vulnerabilities to Catalog Targeting Oracle and Microsoft

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. This update officially confirms that a newly disclosed flaw in Oracle E-Business Suite (EBS) has been weaponized in real-world attacks, posing serious risks to organizations using affected systems. Oracle E-Business Suite Flaws Under Attack

CISA Adds Five Actively Exploited Vulnerabilities to Catalog Targeting Oracle and Microsoft Read More »

CISA Warns of Adobe AEM Vulnerability Rated CVSS 10.0 Under Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a severe security flaw affecting Adobe Experience Manager (AEM). The flaw, now listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, has been confirmed to be under active exploitation. With a CVSS score of 10.0, this bug represents the highest level of

CISA Warns of Adobe AEM Vulnerability Rated CVSS 10.0 Under Active Exploitation Read More »

New SAP NetWeaver Vulnerability Allows Server Takeover Without Authentication

SAP has released updates addressing 13 security flaws, with special focus on a critical vulnerability in SAP NetWeaver AS Java that could allow attackers to execute arbitrary commands. Tracked as CVE-2025-42944, this flaw has a CVSS score of 10.0, making it highly severe. Security experts classify it as an insecure deserialization issue. According to CVE.org,

New SAP NetWeaver Vulnerability Allows Server Takeover Without Authentication Read More »

Fortra Discloses Full Timeline of CVE-2025-10035 Exploitation, from Detection to Patch

Fortra has officially disclosed the complete timeline of events surrounding the exploitation of CVE-2025-10035, a critical vulnerability in its GoAnywhere Managed File Transfer (MFT) software. The flaw has reportedly been under active attack since at least September 11, 2025. Investigation and Initial Discovery According to Fortra, the investigation began on September 11 after a customer

Fortra Discloses Full Timeline of CVE-2025-10035 Exploitation, from Detection to Patch Read More »

Linux Kernel ksmbd Filesystem Flaw Exploited, Proof of Concept Released

Security researchers have published a full proof-of-concept exploit for a serious vulnerability in the Linux kernel ksmbd module, showing a reliable route to local privilege escalation. The issue, tracked as CVE-2025-37947, is an out-of-bounds write that an authenticated local user can abuse to gain full root control on affected systems. What the bug is, and

Linux Kernel ksmbd Filesystem Flaw Exploited, Proof of Concept Released Read More »

Proof of Concept Exploit Released for Nothing Phone Remote Code Execution Vulnerability

A proof of concept exploit, called Fenrir and published by researcher R0rt1z2, has been released for a critical weakness in the secure boot chain used by the Nothing Phone (2a) and CMF Phone 1, and likely present in other devices using MediaTek system on chips. The exploit lets an attacker run code at the highest

Proof of Concept Exploit Released for Nothing Phone Remote Code Execution Vulnerability Read More »

Critical Figma MCP Flaw Allows Remote Code Execution, Users Urged to Patch Immediately

A serious security flaw has been discovered in the figma-developer-mcp (Model Context Protocol) server, which could allow attackers to execute arbitrary code remotely. Although the issue has now been patched, experts are warning users to update immediately to prevent exploitation. Details of the Vulnerability The vulnerability, tracked as CVE-2025-53967 with a CVSS score of 7.5,

Critical Figma MCP Flaw Allows Remote Code Execution, Users Urged to Patch Immediately Read More »

13-Year-Old Critical Redis RCE Flaw Allowed Attackers Full Host Access

A newly uncovered remote code execution (RCE) flaw in Redis, known as RediShell, has revealed that attackers could gain complete control over the host system. The issue, tracked as CVE-2025-49844, was discovered by Wiz Research and carries the maximum CVSS score of 10.0, placing it among the most critical security threats identified to date. The

13-Year-Old Critical Redis RCE Flaw Allowed Attackers Full Host Access Read More »

Google Chrome RCE Flaw Disclosed, Exploit Code Published

Researchers have published full technical details and proof-of-concept exploit code for a critical remote code execution, RCE, vulnerability in Google Chrome’s V8 JavaScript engine. The bug stems from a WebAssembly type canonicalization regression that creates nullability confusion, and a separate JavaScript Promise Integration, JSPI, state-switching weakness that enables a novel sandbox bypass. This article explains

Google Chrome RCE Flaw Disclosed, Exploit Code Published Read More »