A serious vulnerability in the GNU InetUtils telnet daemon allows attackers to gain root access with a simple command, going unnoticed for nearly 11 years. Security experts urge users to update or replace telnetd, as exploitation attempts are already underway. National cybersecurity agencies recommend decommissioning telnet services due to their inherent risks.

Ransomware gangs are actively exploiting the VMware ESXi flaw CVE-2025-22225, which allows attackers to escape the VMX sandbox. Researchers found evidence of a toolkit used in these attacks, indicating that the vulnerabilities were known to the threat actors long before their public disclosure. CISA has confirmed the flaw's involvement in ongoing ransomware incidents.

A high-severity path traversal vulnerability was found in Docker Compose's support for OCI artifacts, allowing attackers to write arbitrary files on the host system. This flaw could be triggered by running commands like "docker compose ps" with malicious Compose files, potentially leading to unauthorized access. Users are urged to upgrade to Docker version v2.40.2 or later to mitigate the issue.

This article discusses security vulnerabilities found in Command & Conquer: Generals, particularly in its online multiplayer functionality. The authors detail a memory corruption issue that allows for remote code execution, demonstrating the exploit with a custom worm. They also provide insights into the game's network architecture and packet structure.

A serious vulnerability in n8n allows authenticated users to execute arbitrary commands on the host system. This flaw, tracked as CVE-2025-68668, affects versions 1.0.0 to just before 2.0.0 and has been fixed in the latest release. Users are advised to implement specific workarounds until they upgrade.

This article details a critical vulnerability in OpenClaw, an open-source AI assistant, that allows an attacker to execute remote code with a single click. By exploiting logic flaws in the app's code, the attacker can hijack user data and bypass security measures. Users are urged to update to the latest version to protect against this exploit.

A serious vulnerability in 7-Zip, tracked as CVE-2025-11001, allows attackers to execute arbitrary code by exploiting how older versions handle ZIP files. Although active exploitation hasn't been seen yet, a public proof-of-concept increases the risk of future attacks, especially on Windows systems with privileged accounts. Users must manually update to version 25.01 to mitigate the threat.

This article details a vulnerability in Kubernetes where service accounts with nodes/proxy GET permissions can execute commands in any Pod across reachable Nodes. This issue arises from how the Kubelet authorizes WebSocket connections, potentially leading to full cluster compromise without proper logging.

This article discusses the MongoBleed vulnerability (CVE-2025-14847), which allows attackers to read sensitive data from the heap memory of MongoDB databases. The vulnerability affects all versions since 2017 and can be exploited without authentication, posing significant risks to publicly-accessible instances.

The DeFi protocol Balancer may have been exploited, with over $128.6 million in assets withdrawn from its vaults. The issue appears linked to a faulty smart contract check, and the attack is reportedly ongoing across multiple chains. Balancer is investigating the situation and has confirmed the exploit.

The author discusses the challenge of creating a stable authenticated 0-click exploit for the Linux Kernel SMB3 Daemon (ksmbd), using real-world CVEs to demonstrate the process. They detail the selection of specific vulnerabilities, including a controlled SLUB overflow and an authenticated remote leak, to build an effective exploit chain. The article emphasizes the abundance of vulnerabilities in ksmbd and the importance of vulnerability research in developing exploits.

The article discusses the SessionReaper exploit related to CVE-2025-54236, detailing its implications for session management vulnerabilities in web applications. It provides insights into how attackers can leverage this exploit to hijack user sessions and emphasizes the importance of addressing such security flaws to protect sensitive information.

The article discusses a vulnerability discovered in the MCP (Multi-Chain Protocol) on GitHub, detailing its implications for security and potential exploits. It emphasizes the importance of addressing such vulnerabilities promptly to safeguard projects and users relying on the MCP framework.

Hackers are exploiting the CVE-2025-42957 vulnerability in SAP systems, which can lead to significant security breaches. The flaw allows unauthorized access and manipulation of sensitive data, prompting urgent updates and patches from SAP to protect affected users.

A security researcher has discovered a significant vulnerability in a signed Windows driver, referred to as the Silver Fox exploit, which is associated with the ValleyRat malware. This exploit allows attackers to bypass security mechanisms and gain unauthorized access to systems, emphasizing the need for users to ensure their drivers are from trusted sources to mitigate risks.

A critical vulnerability in Apache ActiveMQ has been exploited, allowing attackers to execute arbitrary code remotely. The flaw, identified as CVE-2025-XXXX, poses significant risks for users who have not applied the necessary security updates, making it imperative for organizations to secure their installations immediately.

SetupHijack is a security research tool designed to exploit vulnerabilities in Windows installer and update processes by hijacking file drops in writable directories. It allows attackers to replace legitimate files with malicious payloads, executing them with elevated privileges without needing admin access. The tool is intended for red team, penetration testing, and security research applications, emphasizing controlled and authorized use only.

The article discusses the resurgence of browser cache smuggling techniques, specifically focusing on the use of "droppers" as a method to exploit cache mechanisms. It explores the implications for web security and the potential risks associated with these vulnerabilities in modern browsers.

A critical remote vulnerability has been discovered in MCP software, posing significant risks to users. The flaw allows attackers to exploit the system remotely, potentially leading to unauthorized access and data breaches. Immediate updates and patches are recommended to mitigate the threat.

Google has released a security update for Chrome to address multiple vulnerabilities, including a high-severity sandbox escape flaw (CVE-2025-6558) that is actively being exploited. Users are urged to update to version 138.0.7204.157/.158 to mitigate risks, as the vulnerability allows attackers to execute arbitrary code through specially crafted HTML. This marks the fifth actively exploited flaw fixed in Chrome this year, following several others related to the V8 engine and browser security.

Researchers have discovered a significant security flaw known as "ecscape" that affects various systems, potentially allowing attackers to exploit vulnerabilities and gain unauthorized access. The flaw highlights the need for immediate updates and patches to mitigate risks associated with this vulnerability.

A critical vulnerability has been identified in the MCP server that could allow attackers to execute arbitrary code. The flaw poses serious security risks, and users are urged to apply patches and updates to protect their systems from potential exploitation. Cybersecurity experts are advising immediate action to mitigate the risks associated with this vulnerability.

GMX V1 exchange has suffered a significant security breach, resulting in the loss of approximately $40 million. The exploit targeted vulnerabilities in the platform's smart contracts, raising alarms in the decentralized finance (DeFi) community regarding the safety of user assets. Investigations are ongoing to understand the full impact of the attack and measures to prevent future incidents.

A newly discovered vulnerability in the Cursors component of Microsoft Windows allows hackers to execute arbitrary code on affected systems. This flaw, identified as CVE-2023-38831, can be exploited through specially crafted files, prompting urgent updates from Microsoft to mitigate potential attacks. Users are advised to patch their systems to safeguard against this security threat.

ResupplyFi, a decentralized finance (DeFi) platform, suffered a significant exploit resulting in a loss of $96 million in Wrapped Staked Ether (wstETH). The incident has raised concerns about security vulnerabilities in DeFi protocols as the platform seeks to recover from the attack and restore user trust.