100 links
tagged with all of: security + vulnerability
Click any tag below to further narrow down your results
Links
Google Gemini's Command-Line Interface (CLI) has been found to be vulnerable to prompt injection attacks, allowing for potential arbitrary code execution. This security flaw raises concerns about the safety and reliability of utilizing AI models in various applications.
The article discusses a significant incident in March 2025 involving vulnerabilities discovered in the Node.js CI/CD pipeline, which potentially exposed sensitive information. The response to the incident highlights the importance of security measures and the ongoing commitment to improving Node.js infrastructure and practices.
A security vulnerability was discovered in NVIDIA's GPU drivers, affecting various operating systems and software configurations. An incomplete patch released by NVIDIA has led to ongoing risks for users, prompting the need for further updates to fully address the security issues. Experts recommend that users remain vigilant and apply additional security measures until a complete fix is implemented.
ExpressVPN has addressed a vulnerability in its Windows client that allowed Remote Desktop Protocol (RDP) traffic to bypass the VPN tunnel, potentially exposing users' real IP addresses. The issue stemmed from leftover debug code in production builds, and the company has since released a patch to fix it, urging users to update to the latest version for improved security. While the leak affected a small number of users primarily using RDP, ExpressVPN will enhance its internal checks to prevent similar issues in the future.
TP-Link has acknowledged a zero-day vulnerability affecting multiple router models, which allows for remote code execution due to a stack-based buffer overflow in its CWMP implementation. While a patch is available for European models, users are advised to change default passwords and disable CWMP if not needed until more fixes are released. Additionally, CISA has warned about previously exploited vulnerabilities in TP-Link routers that have been used by threat actors for malicious activities.
The article discusses how the author utilized the O3 tool to identify CVE-2025-37899, a remote zero-day vulnerability in the SMB implementation of the Linux kernel. It details the process of discovering the vulnerability and its implications for security practices in the Linux environment.
Hackers have begun exploiting a critical authentication bypass vulnerability in the OttoKit WordPress plugin just hours after its public disclosure. Users are urged to upgrade to version 1.0.79 to prevent unauthorized access, as attackers can create new admin accounts without authentication. Swift action is necessary to mitigate the risk of full site takeover following the flaw's identification as CVE-2025-3102.
A critical vulnerability has been identified in the async-tar Rust library, which is widely used in various applications. This issue could potentially lead to arbitrary code execution and underscores the importance of addressing security flaws in open-source software. Developers are urged to update their libraries to mitigate risks associated with this vulnerability.
OpenAI has introduced its Outbound Coordinated Disclosure Policy to responsibly report vulnerabilities found in third-party software. This initiative aims to enhance digital security by fostering cooperation and transparency in the vulnerability disclosure process as AI systems become more adept at identifying security issues.
QNAP has alerted users to patch a critical vulnerability in the ASP.NET Core framework that affects its NetBak PC Agent, a Windows backup utility. The flaw, tracked as CVE-2025-55315, could allow attackers to hijack user credentials or bypass security controls, prompting QNAP to recommend updates to ensure system security. Users can either reinstall the app or manually update the ASP.NET Core components to mitigate risks.
A critical vulnerability has been discovered in Salesforce's AgentForce, which could potentially allow unauthorized access to sensitive data. This flaw poses significant risks, prompting immediate attention and action from Salesforce to secure their systems and protect user information.
The author discusses the challenge of creating a stable authenticated 0-click exploit for the Linux Kernel SMB3 Daemon (ksmbd), using real-world CVEs to demonstrate the process. They detail the selection of specific vulnerabilities, including a controlled SLUB overflow and an authenticated remote leak, to build an effective exploit chain. The article emphasizes the abundance of vulnerabilities in ksmbd and the importance of vulnerability research in developing exploits.
The Comet AI browser from Perplexity has raised significant security concerns after it was revealed that it could be manipulated by malicious websites. Unlike traditional browsers, AI browsers like Comet can execute commands and remember user interactions, making them vulnerable to exploitation if not designed with robust security measures. The article outlines the fundamental flaws in AI browser design and suggests necessary improvements to enhance user safety.
More than 200,000 WordPress websites are at risk due to a vulnerability in the Post SMTP plugin that allows low-privileged users to hijack administrator accounts. The flaw, identified as CVE-2025-24000, stems from inadequate permission checks in the plugin's REST API, enabling unauthorized access to sensitive email logs. Although a fix was released in version 3.3.0, many users have yet to update, leaving them exposed to potential attacks.
A security vulnerability has been discovered in the popular game Call of Duty, allowing for remote code execution on PC systems. This issue poses significant risks to players, especially when the game is played offline, as it could lead to unauthorized access to their computers. Players are advised to stay updated on patches and security measures to mitigate potential threats.
A vulnerability in the legacy Stripe API has been exploited by attackers to validate stolen credit card information. This exploitation allows unauthorized access to sensitive payment data, raising concerns over the security of outdated APIs in financial systems. Immediate measures are recommended for affected users to mitigate potential risks.
A security researcher discovered significant vulnerabilities in Volkswagen's mobile app, which potentially allowed unauthorized access to personal and vehicle information. The flaws included exposure of sensitive data through API endpoints, enabling malicious actors to gain control over vehicles and access private customer details. After reporting the issues to Volkswagen, the researcher helped facilitate the necessary security fixes.
Fortra has addressed a critical vulnerability in its GoAnywhere MFT software that could potentially allow unauthorized access to sensitive data. The flaw, identified as CVE-2023-0669, has been assigned a maximum severity rating and affects multiple versions of the software. Users are urged to update their systems to mitigate security risks associated with this vulnerability.
GlobalCVE is an open-source platform designed to aggregate global vulnerability intelligence, promoting clarity and collaboration. It features a security-centric design and an API-ready architecture for easy integration, inviting community contributions through GitHub.
The article discusses a vulnerability discovered in the MCP (Multi-Chain Protocol) on GitHub, detailing its implications for security and potential exploits. It emphasizes the importance of addressing such vulnerabilities promptly to safeguard projects and users relying on the MCP framework.
Docker has addressed a critical vulnerability identified as CVE-2025-9074 that could allow unauthorized access to sensitive information. Users are encouraged to update their Docker installations to mitigate potential security risks associated with this flaw.
A critical vulnerability (CVE-2025-49596) in the MCP Inspector debugging tool allows attackers to compromise developer machines simply by visiting malicious websites, turning trusted AI integration tools into backdoors for system takeovers. The article highlights the real-world implications of this vulnerability and stresses the importance of upgrading to the latest software version for security.
A critical vulnerability (CVE-2025-5947) in the Service Finder WordPress theme allows attackers to bypass authentication and gain administrator access, leading to significant exploitation attempts. With over 13,800 attempts recorded, users are urged to update to version 6.1 or discontinue use of the theme to mitigate risks.
A new tool called 'Defendnot' tricks Windows into disabling Microsoft Defender by registering a fake antivirus product using an undocumented Windows Security Center API. Created by researcher es3n1n, it bypasses security features by injecting a dummy antivirus DLL into a trusted system process, effectively leaving devices without active protection. Microsoft Defender has flagged Defendnot as a threat, highlighting vulnerabilities in trusted system features.
A vulnerability has been discovered in Canon printer drivers that allows hackers to execute malicious code on affected systems. Users are advised to update their drivers to mitigate potential security risks associated with this flaw. The issue highlights the importance of maintaining up-to-date software for safeguarding devices against cyber threats.
Microsoft’s Copilot for M365 has a significant vulnerability that allows users to access files without leaving an audit log entry, posing serious security and compliance risks. Despite fixing the issue, Microsoft has chosen not to inform customers or disclose the vulnerability publicly, raising concerns about their transparency and responsibility regarding security practices. The article details the author’s frustrating experience reporting the vulnerability and highlights the implications for organizations relying on accurate audit logs.
A security engagement revealed an HTML to PDF converter API that allowed for local file access and remote code execution due to vulnerabilities in a .NET renderer using an outdated Chromium version. The authors successfully exploited a known vulnerability in Chromium 62, demonstrating the importance of manual penetration testing in uncovering overlooked security issues.
Researchers exploited a vulnerability in CodeRabbit, an AI code review tool, allowing them to achieve remote code execution (RCE) and gain read/write access to 1 million repositories. The exploitation involved creating a malicious pull request that leveraged a flaw in the integration of external static analysis tools, leading to the leakage of sensitive API tokens and secrets. CodeRabbit quickly remediated the vulnerabilities after disclosure, enhancing their security measures in response.
Cisco has addressed a critical vulnerability in its IOS XE Software for Wireless LAN Controllers, identified as CVE-2025-20188, which allows unauthenticated attackers to hijack devices due to a hard-coded JSON Web Token. Although the flaw is potent, it is only exploitable if the 'Out-of-Band AP Image Download' feature is enabled, which is not the default setting. Administrators are urged to apply security updates immediately to mitigate the risk.
A critical vulnerability in AWS Lambda functions allows attackers to exploit OS command injection through S3 file uploads, potentially compromising AWS credentials and enabling further malicious actions such as phishing via AWS SES. The article highlights the importance of proper configuration and vulnerability scanning to prevent such attacks in event-driven architectures.
A backdoor vulnerability has been discovered in Framework devices, which is signed and can operate undetected. This serious security flaw poses risks as it allows unauthorized access while hiding in plain sight, necessitating immediate attention from developers and users alike.
Hackers are exploiting the CVE-2025-42957 vulnerability in SAP systems, which can lead to significant security breaches. The flaw allows unauthorized access and manipulation of sensitive data, prompting urgent updates and patches from SAP to protect affected users.
Apple has released security updates to fix a high-severity vulnerability, CVE-2025-6558, that was exploited in zero-day attacks targeting Google Chrome users. The flaw allows remote attackers to execute arbitrary code in the browser's GPU process, potentially breaching the sandbox isolation from the operating system. CISA has also urged federal agencies to prioritize patching this vulnerability due to its significant risks.
A vulnerability in macOS, identified as CVE-2025-31250, allows applications to spoof permission prompts, misleading users about which application is requesting consent. Although patched in macOS Sequoia 15.5, earlier versions such as Ventura and Sonoma remain vulnerable. The author details the discovery process and technical aspects of the vulnerability, emphasizing the implications for user security.
A critical vulnerability in the Forminator plugin for WordPress, tracked as CVE-2025-6463, allows unauthenticated arbitrary file deletion, which could lead to full site takeover. The issue affects all versions up to 1.44.2 and is due to insufficient input validation, enabling attackers to delete essential files like wp-config.php. Users are urged to update to version 1.44.3 to mitigate the risk.
A long-standing deserialization vulnerability in SnakeYAML, which allowed for remote code execution in Java applications, was finally addressed after years of community discussion and a pivotal conversation between a security researcher and the library's maintainer. The change led to SnakeYAML 2.0 adopting secure defaults, preventing unsafe instantiation of classes from YAML tags unless explicitly configured. This shift highlights the importance of secure design in libraries and the need for developers to be aware of potential risks.
Google has resolved a critical bug that posed a risk of inadvertently exposing users' private phone numbers through its services. The company acted quickly to patch the vulnerability after it was discovered, ensuring that user privacy is maintained.
Cloudflare's blog post discusses a recently discovered vulnerability in HTTP/2, dubbed "madeyoureset," which could allow attackers to disrupt connections by causing server resets. The blog highlights the rapid mitigations implemented by Cloudflare to prevent potential exploitation of this vulnerability and emphasizes the importance of swift responses in maintaining web security.
A critical flaw in Microsoft Entra ID, involving undocumented actor tokens and a vulnerability in the Azure AD Graph API, allowed potential global access to any organization's tenant without leaving logs of the actions taken. Security researcher Dirk-jan Mollema discovered that these actor tokens could be exploited to impersonate users, including Global Administrators, leading to severe security risks. Microsoft has since patched the vulnerability and is in the process of deprecating the affected API service.
Tonic Security offers a context-driven Exposure Management platform designed to enhance visibility and streamline the remediation of vulnerabilities across diverse environments. By leveraging AI and a Security Data Fabric, Tonic transforms unstructured data into actionable insights, allowing organizations to prioritize risks and automate data management tasks effectively.
Docker has introduced Docker Hardened Images (DHI), which are secure-by-default container images that significantly reduce the attack surface and streamline software supply chain security. These images, designed for modern production environments, are continuously updated, minimize vulnerabilities, and integrate seamlessly into existing workflows without sacrificing flexibility or usability.
A critical vulnerability in Apache ActiveMQ has been exploited, allowing attackers to execute arbitrary code remotely. The flaw, identified as CVE-2025-XXXX, poses significant risks for users who have not applied the necessary security updates, making it imperative for organizations to secure their installations immediately.
A critical vulnerability identified as CVE-2025-25257 in Fortinet’s FortiWeb can lead to remote code execution, posing significant security risks. Users are urged to apply patches immediately to mitigate potential exploitation of this flaw.
Cloudflare's blog discusses the resolution of a request smuggling vulnerability found in their Pingora proxy. This vulnerability could have allowed attackers to manipulate server requests, emphasizing the importance of proactive security measures in web infrastructure. The article details the steps taken to identify and patch the issue effectively.
A vulnerability in VMware Tools has been patched, allowing the open-vm-tools community to implement a security fix for previous releases. Broadcom also announced a significant security flaw in VMware Aria Automation that could allow malicious actors to steal user access tokens through crafted URLs.
A vulnerability on the American Archive of Public Broadcasting's website allowed unauthorized access to protected media for years before being patched this month. The flaw, which had been exploited since at least 2021, involved a simple script that bypassed access controls, leading to concerns about the sharing of private content within data hoarding communities on Discord. AAPB has since confirmed the fix and reinforced its commitment to protecting archival materials.
Apple has released a security patch addressing a critical zero-day vulnerability identified as CVE-2025-43300, which could allow attackers to execute arbitrary code on affected devices. Users are urged to update their devices promptly to protect against potential exploitation of this flaw.
Report URI has effectively mitigated the impacts of the Redis vulnerability CVE-2025-49844 by implementing strict security measures and utilizing Redis's ACL features to restrict access to potentially harmful commands. They have upgraded to Redis version 8.2.2 and further hardened their infrastructure by disabling unnecessary commands, ensuring a robust and secure environment.
Hyundai has announced a security upgrade for its Ioniq 5 electric vehicle to prevent a potential vulnerability that could allow hackers to take control of the vehicle. The issue was discovered through a demonstration involving a Game Boy device, showcasing the ease with which attackers could exploit the flaw. The update aims to enhance the overall safety and security of the vehicle's systems.
A vulnerability in the Ollama Desktop application allowed drive-by attacks that could enable attackers to spy on local chats and manipulate AI models via a malicious website. Discovered by Chris Moberly and patched shortly after reporting, the flaw stemmed from insufficient cross-origin controls in the app's GUI. Users are urged to update to the latest version to mitigate the risk of exploitation.
A critical remote code execution vulnerability (CVE-2025-30065) has been found in all versions of Apache Parquet up to 1.15.0, allowing attackers to exploit specially crafted Parquet files for malicious purposes. Users are urged to upgrade to version 1.15.1 to mitigate the risk, which is particularly significant for big data environments and analytics systems that rely on Parquet files. Although no active exploitation has been reported yet, the potential for severe impact remains high due to the widespread use of this format.
A flaw in Microsoft OneDrive's file picker has been discovered, which could potentially allow attackers to exploit the feature for unauthorized access to files. This vulnerability highlights the need for improved security measures within cloud storage services to protect user data from malicious activities.
The article discusses CVE-2025-32433, detailing a proof of concept for a vulnerability that affects certain software systems. It outlines the potential risks associated with this vulnerability and suggests methods for mitigation and prevention. The significance of addressing such vulnerabilities to enhance overall system security is emphasized.
A critical flaw in Microsoft's Windows Server Update Services (WSUS) has been exploited in the wild, with reports indicating that the vulnerability allows attackers to bypass security measures and execute arbitrary code. Despite the availability of patches, many systems remain unprotected due to insufficient updates, highlighting the urgency for organizations to address this issue promptly.
A critical vulnerability, identified as CVE-2025-20265, has been discovered in Cisco's Secure Firewall Management Center, which allows for remote code execution with a CVSS score of 10. Organizations using this software are urged to apply the necessary patches immediately to mitigate potential security threats.
A vulnerability in AWS Trusted Advisor allowed attackers to bypass checks for unprotected S3 buckets, misleading users about their security status. AWS has since addressed the issue and advised customers to review their S3 bucket permissions to align with security best practices.
Apple has released a critical security patch addressing a zero-day vulnerability in its ImageIO framework, which has reportedly been exploited in targeted attacks. Users are urged to update their devices promptly to mitigate potential risks associated with this exploit.
Click Studios has urged users of its Passwordstate password manager to promptly update to version 9.9 Build 9972 due to a critical authentication bypass vulnerability that could allow attackers to gain unauthorized access to the administration section via a crafted URL. The company recommends implementing a temporary workaround while users transition to the latest version.
A critical vulnerability in the Windows NTFS file system, identified as CVE-2025-49689, allows for exploitation through specially crafted virtual disks (VHD). This vulnerability leads to multiple memory corruptions due to insufficient checks on integer overflow, facilitating potential escalation of privileges for attackers using malicious virtual disks in phishing attempts.
A critical vulnerability has been discovered in Red Hat OpenShift AI, potentially allowing unauthorized access to sensitive data. The flaw affects multiple versions and requires immediate attention from users to mitigate any risks associated with exploitation. Users are urged to apply the latest security updates to protect their systems.
SolarWinds has released a patch to address a critical vulnerability in its Web Help Desk software that was being actively exploited. The flaw allowed attackers to bypass authentication and gain unauthorized access to the system, prompting urgent action from the company to ensure user security. Users are advised to update their software immediately to mitigate potential risks.
A critical vulnerability has been discovered in the Erlang/OTP SSH application, which could allow attackers to execute arbitrary code remotely. Users are urged to update their systems immediately to mitigate potential risks associated with this security flaw.
Plex has issued an urgent warning for users to update their Media Server software to version 1.42.1.10060 due to a newly identified security vulnerability tracked as CVE-2025-34158. The flaw affects versions 1.41.7.x to 1.42.0.x, and while details of the vulnerability have not been disclosed, users are advised to patch immediately to prevent potential exploitation.
Researchers discovered vulnerabilities in the Nix ecosystem related to GitHub Actions, specifically concerning the pull_request_target event, which could allow for supply chain attacks and command injection. They identified two significant flaws: one involving xargs and the other enabling symbolic link exploitation, leading to unauthorized access to sensitive data. The maintainers acted quickly to disable the vulnerable workflows and implement fixes.
Solana recently addressed a vulnerability that allowed attackers to exploit a bug and steal tokens from users. The platform has implemented a patch to secure its network and prevent further incidents of this nature. Community members are urged to take precautions and monitor their accounts following the attack.
Lovense, a company known for its app-controlled sex toys, has been exposed for a serious vulnerability that allows attackers to access users' email addresses by exploiting their usernames. Despite previous claims of fixes, researchers confirmed that the flaw persisted, putting users at risk of doxxing and account hijacking. Lovense has since stated that all identified vulnerabilities have been addressed, though the timeline of fixes remains contentious.
A new zero-day vulnerability in Google Chrome is currently being exploited in the wild, allowing attackers to execute arbitrary code and potentially compromise user systems. Users are advised to update their browsers immediately to mitigate the risk of exploitation.
A critical vulnerability has been discovered in Anthropics software that could potentially allow remote code execution, putting users at significant risk. Security experts are urging users to update their software immediately to mitigate this threat and protect against potential exploits.
Cisco has announced a critical vulnerability, tracked as CVE-2025-20337, in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that allows unauthenticated remote attackers to gain root access through arbitrary code execution. The vulnerability has a maximum CVSS score of 10, and Cisco has released patches to address it along with related vulnerabilities disclosed in June. Customers are urged to upgrade to the latest software versions to mitigate the risk.
A security vulnerability in the Verizon Call Filter iOS app allowed unauthorized access to the call history of any Verizon customer by manipulating network requests, raising significant privacy and safety concerns for vulnerable individuals. The flaw was reported and promptly fixed by Verizon, highlighting the importance of securing sensitive user data in telecommunications.
Control characters from ASCII, originally designed for communication control, are being exploited in modern applications like Visual Studio Code to trigger command injection vulnerabilities. This occurs when these characters manipulate command arguments passed to the shell, leading to unintended command executions. The issue underscores the importance of sanitizing user input to prevent security risks associated with terminal interactions.
WhatsApp has released an emergency update to address a critical security vulnerability that could allow attackers to exploit the app and execute malicious code remotely. Users are urged to update to the latest version to protect their accounts and devices from potential threats. The update aims to enhance overall security and user safety.
Apple released a security patch for CVE-2025-43300, addressing an out-of-bounds write vulnerability in the ImageIO framework that could be exploited in zero-click attacks. The article provides a detailed root cause analysis of the vulnerability and the changes made in the patch, focusing on the modifications in the RawCamera file and the implications for image processing. Researchers have previously explored the vulnerability, revealing its connections to JPEG Lossless compression in DNG files.
The blog post discusses a security vulnerability known as remote prompt injection in GitLab's Duo feature, which can potentially allow attackers to execute arbitrary commands. It highlights the implications of this vulnerability and emphasizes the importance of securing software to prevent such exploits.
Unity has discovered a long-dormant security vulnerability that has been affecting its game development platform for nearly a decade. Developers are advised to take immediate action to safeguard their applications and games from potential exploitation. Unity is implementing fixes and urging users to update their software promptly.
A significant vulnerability in ESET software has been discovered, which could be exploited by attackers to deploy malware, specifically linked to the ToddyCat APT group. This flaw poses a heightened risk to users of ESET’s security products, emphasizing the need for immediate updates to mitigate potential threats.
The article discusses the vulnerabilities associated with prompt injection attacks, particularly focusing on how attackers can exploit tools like GitHub Copilot. It emphasizes the need for developers to understand and mitigate these risks to enhance the security of AI-assisted code generation.
Vulnerability CVE-2025-61882 in Oracle E-Business Suite allows for remote code execution without authentication, posing significant security risks. Oracle urges customers to apply the necessary updates promptly and remain on supported versions of the software to mitigate potential threats. Indicators of compromise are provided to assist in detecting and responding to potential exploitation attempts.
A previously patched vulnerability in libpng has been rediscovered, raising concerns about the long-term security of software libraries. The situation highlights the importance of ongoing security assessments and vigilance in software development.
A critical vulnerability in Argo CD, tracked as CVE-2025-55190, allows API tokens with low project-level permissions to access sensitive repository credentials, posing a significant security risk for organizations using the tool. This flaw, affecting all versions up to 2.13.0, could enable attackers to exploit sensitive data, leading to potential code theft and supply chain attacks. Administrators are urged to update to fixed versions to mitigate the risk.
A vulnerability in ServiceNow, identified as Count(er) Strike, allows low-privileged users to extract sensitive data due to misconfigured Access Control Lists (ACLs). Discovered by Varonis Threat Labs, the flaw enables users to enumerate restricted data by manipulating queries, potentially exposing sensitive information even in instances with limited access. ServiceNow has introduced new ACL frameworks to mitigate this issue, but organizations are advised to review their existing configurations to ensure data security.
A significant vulnerability in Google's Quick Share feature has been patched, addressing potential risks that could compromise user security. The update reinforces the importance of keeping software up to date to mitigate threats from exploits targeting such functionalities.
Citrix has addressed three vulnerabilities in its NetScaler ADC and Gateway, including a critical remote code execution flaw (CVE-2025-7775) that is being actively exploited. Users are urged to update their firmware as there are no available mitigations for the vulnerability. Additional vulnerabilities related to memory overflow and improper access control have also been identified and patched.
A critical remote vulnerability has been discovered in MCP software, posing significant risks to users. The flaw allows attackers to exploit the system remotely, potentially leading to unauthorized access and data breaches. Immediate updates and patches are recommended to mitigate the threat.
Google Gemini for Workspace can be exploited through prompt-injection attacks that generate misleading email summaries, potentially leading users to phishing sites without attachments or direct links. Researcher Marco Figueroa revealed this vulnerability, highlighting how hidden instructions in emails can manipulate Gemini's output, prompting users to trust false security alerts. Google is aware of the issue and is implementing defenses against such attacks.
MalifiScan is a security tool designed to identify and block malicious packages across ten major package ecosystems by integrating with the OSV vulnerability database and JFrog Artifactory. It offers features like package management, notifications, customizable configurations, and a rich command-line interface for efficient scanning and blocking of compromised packages. The tool ensures enterprise-grade safety by allowing users to block specific versions or entire packages while preserving existing exclusion patterns.
Cisco has issued security updates for a critical zero-day vulnerability (CVE-2025-20352) in its IOS and IOS XE Software, which is actively being exploited. The flaw allows remote attackers to execute code on vulnerable systems or cause denial-of-service conditions, prompting Cisco to recommend immediate upgrades to secure software versions.
Researchers have discovered a significant security flaw known as "ecscape" that affects various systems, potentially allowing attackers to exploit vulnerabilities and gain unauthorized access. The flaw highlights the need for immediate updates and patches to mitigate risks associated with this vulnerability.
A critical flaw in the Windows version of WhatsApp has been discovered, allowing hackers to exploit the application and potentially sneak in malicious files. Users are advised to update their software immediately to protect against these vulnerabilities and safeguard their data.
A critical zero-day vulnerability in SAP NetWeaver, identified as CVE-2025-31324, has been discovered, allowing attackers to execute remote code with elevated privileges. SAP has issued an urgent advisory for users to apply necessary patches to mitigate potential exploitation of this security flaw.
A significant vulnerability was discovered in the Open VSX marketplace, which could allow attackers to gain full control over millions of developer machines by publishing malicious updates to extensions. This flaw, rooted in a CI issue, underscores the risks associated with untrusted third-party software in development environments.
Google has released a security update for Chrome to address multiple vulnerabilities, including a high-severity sandbox escape flaw (CVE-2025-6558) that is actively being exploited. Users are urged to update to version 138.0.7204.157/.158 to mitigate risks, as the vulnerability allows attackers to execute arbitrary code through specially crafted HTML. This marks the fifth actively exploited flaw fixed in Chrome this year, following several others related to the V8 engine and browser security.
Researchers have discovered a vulnerability in computer mice that allows attackers to eavesdrop on conversations by exploiting the way these devices communicate with computers. The technique, dubbed the "mic-e-mouse attack," highlights potential security risks associated with everyday peripherals, raising concerns about privacy and data protection.
Redis has issued critical patches for a severe vulnerability (CVE-2025-49844) that allows remote code execution on approximately 330,000 exposed instances, with at least 60,000 not requiring authentication. The flaw stems from a 13-year-old use-after-free weakness in the Lua scripting feature, enabling attackers to gain full access to host systems and potentially exfiltrate sensitive data. Administrators are urged to update their Redis instances immediately to mitigate the risk of exploitation.
Researchers from ETH Zurich and Google have developed a new Rowhammer attack variant named Phoenix, which successfully bypasses DDR5 memory chip protections, allowing attackers to flip bits and escalate privileges. Despite defenses like Target Row Refresh (TRR), the attack exploits specific refresh intervals, demonstrating vulnerabilities across all tested DDR5 memory modules. The findings highlight a critical security risk affecting DIMM RAM produced from 2021 to 2024, with practical implications for data integrity and system security.
Vulnerability research has become more complex due to improved security practices in software development, making it essential to leverage automated tools like Semgrep for efficient analysis. By employing single-repository variant analysis, researchers can uncover new vulnerabilities by examining patched code and public advisories, focusing on patterns that indicate similar vulnerabilities in the codebase. This approach allows for targeted analysis and reduced resource expenditure in vulnerability discovery.
Microsoft identified a macOS vulnerability, CVE-2025-31191, allowing attackers to escape the App Sandbox using security-scoped bookmarks without user interaction. The flaw could lead to unrestricted code execution on affected devices, enabling further malicious actions. A fix was provided by Apple in March 2025, and users are advised to apply security updates promptly.
A security researcher discovered a significant remote code execution (RCE) vulnerability in ASUS's DriverHub software, which could be exploited due to inadequate origin checks in its RPC communication. The researcher detailed the exploit chain that could allow malicious code execution through ASUS-signed executables, ultimately leading to a successful report and patch from ASUS.
Sangoma's FreePBX Security Team has issued a warning about a zero-day vulnerability actively being exploited in FreePBX systems with exposed Administrator Control Panels since August 21. Users are advised to limit access to their ACPs and implement a temporary EDGE module fix, while those with compromised systems are encouraged to restore from backups and secure their installations.
Security researchers have uncovered a serious vulnerability in Unitree Go1 robot dogs, allowing unauthorized remote access to the devices and their cameras through an undocumented service called CloudSail. This flaw, attributed to poor code review practices, poses significant risks, particularly in sensitive environments, prompting experts to recommend users disconnect the devices from their networks.