Zoom Issues Urgent Patch for High-Risk Vulnerabilities
Zoom Issues Urgent Patch for High-Risk Vulnerabilities Recent security vulnerabilities in Zoom Workplace Apps and SDKs, including heap-based buffer overflow CVE-2025-27440, buffer underflow CVE-2025-27439, use-after-free CVE-2025-0151, and incorrect behavior order CVE-2025-0150, pose significant risks to users. These flaws could allow remote attackers to execute arbitrary code, escalate privileges, or cause denial-of-service (DoS) conditions. Zoom has […]
Type Confusion in V8 in Google Chrome Vulnerabilities
Type Confusion in V8 in Google Chrome Vulnerabilities Google Chrome has recently addressed two critical vulnerabilities, CVE-2025-1920 and CVE-2025-2135, both stemming from type confusion issues in the V8 JavaScript engine. These vulnerabilities could allow remote attackers to execute arbitrary code by tricking users into visiting specially crafted web pages. To mitigate these risks, users are […]
Commvault Reported Critical Webserver Vulnerability
Commvault Reported Critical Webserver Vulnerability Commvault has recently patched a critical vulnerability in its software affecting versions 11.20 to 11.36. This flaw, present in both Linux and Windows platforms, could enable attackers to deploy webshells on web servers, potentially granting unauthorized system access. If exploited, the vulnerability could result in data breaches and other malicious […]
Zero-Day Vulnerabilities Active in VMware ESXi & Workstations
Zero-Day Vulnerabilities Active in VMware ESXi & Workstations More than 37,000 VMware ESXi instances remain vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw actively exploited in the wild. The Shadowserver Foundation initially reported 41,500 affected instances, with 4,500 patched since then. Broadcom has warned about CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, all of which have been exploited […]
Severe Security Vulnerabilities in IBM Storage Virtualize
Severe Security Vulnerabilities in IBM Storage Virtualize IBM Storage Virtualize has been affected by two critical security vulnerabilities, CVE-2025-0159 and CVE-2025-0160, that affect GUI of many IBM Storage Virtualizations, posing significant risks to data security and system integrity. These vulnerabilities impact multiple versions of IBM FlashSystem, IBM SAN Volume Controller, and IBM Storwize series, potentially […]
Critical Security Vulnerabilities in Extreme Networks HiveOS
Critical Security Vulnerabilities in Extreme Networks HiveOS Security researchers have identified three critical vulnerabilities in Extreme Networks’ IQ Engine HiveOS when exploited together allow authenticated attackers to escalate privileges, decrypt passwords and execute arbitrary commands on vulnerable systems. The vulnerabilities, identified as CVE-2025-27229, CVE-2025-27228, and CVE-2025-27227, were found by the efforts of Lukas Schauer from […]
Botnet Targets Microsoft 365 Accounts with Password Spraying Attacks
Botnet Targets Microsoft 365 Accounts with Password Spraying Attacks A botnet comprising over 130,000 compromised devices is launching large-scale password spraying attacks on Microsoft 365 accounts. By leveraging non-interactive sign-ins with Basic Authentication, the attackers bypass modern login protections and evade MFA enforcement, exploiting a critical security gap. Systematically targeting accounts with stolen credentials, they […]
PoC Exploit Released for F5 BIG-IP – Command Injection CVE-2025-20029
PoC Exploit Released for F5 BIG-IP – Command Injection CVE-2025-20029 Researchers have released a proof-of-concept showing how authenticated attackers can exploit the vulnerability (CVE-2025-20029) to execute commands as root, gaining complete system control. The flaw, with a CVSS score of 8.8, stems from improper argument handling in the iControl REST API and TMOS Shell. Immediate […]
Severe RCE Flaw Discovered in Everest Forms WordPress Plugin
Severe RCE Flaw Discovered in Everest Forms WordPress Plugin The Everest Forms: Contact Forms, Quiz, Survey, Newsletter and Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the “format” method of the EVF_Form_Fields_Upload class in all versions up […]
Hackers Exploit Critical Confluence Server Flaw to Deploy LockBit Ransomware
Hackers Exploit Critical Confluence Server Flaw to Deploy LockBit Ransomware A recent cyberattack exposed the risks of unpatched servers, as hackers exploited a critical flaw in an Atlassian Confluence instance to deploy LockBit ransomware. The attack leveraged CVE-2023-22527, a remote code execution vulnerability, enabling attackers to run arbitrary commands on the server. This incident underscores […]