Severe Security Vulnerabilities in IBM Storage Virtualize

Severe Security Vulnerabilities in IBM Storage Virtualize IBM Storage Virtualize has been affected by two critical security vulnerabilities, CVE-2025-0159 and CVE-2025-0160, that affect GUI of many IBM Storage Virtualizations, posing significant risks to data security and system integrity. These vulnerabilities impact multiple versions of IBM FlashSystem, IBM SAN Volume Controller, and IBM Storwize series, potentially […]

Critical Security Vulnerabilities in Extreme Networks HiveOS

Critical Security Vulnerabilities in Extreme Networks HiveOS Security researchers have identified three critical vulnerabilities in Extreme Networks’ IQ Engine   HiveOS when exploited together allow authenticated attackers to escalate privileges, decrypt passwords and execute arbitrary commands on vulnerable systems. The vulnerabilities, identified as CVE-2025-27229, CVE-2025-27228, and CVE-2025-27227, were found by the efforts of Lukas Schauer from […]

Botnet Targets Microsoft 365 Accounts with Password Spraying Attacks

Botnet Targets Microsoft 365 Accounts with Password Spraying Attacks A botnet comprising over 130,000 compromised devices is launching large-scale password spraying attacks on Microsoft 365 accounts. By leveraging non-interactive sign-ins with Basic Authentication, the attackers bypass modern login protections and evade MFA enforcement, exploiting a critical security gap. Systematically targeting accounts with stolen credentials, they […]

PoC Exploit Released for F5 BIG-IP – Command Injection CVE-2025-20029

PoC Exploit Released for F5 BIG-IP – Command Injection CVE-2025-20029 Researchers have released a proof-of-concept showing how authenticated attackers can exploit the vulnerability (CVE-2025-20029) to execute commands as root, gaining complete system control. The flaw, with a CVSS score of 8.8, stems from improper argument handling in the iControl REST API and TMOS Shell. Immediate […]

Severe RCE Flaw Discovered in Everest Forms WordPress Plugin

Severe RCE Flaw Discovered in Everest Forms WordPress Plugin The Everest Forms: Contact Forms, Quiz, Survey, Newsletter and Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the “format” method of the EVF_Form_Fields_Upload class in all versions up […]

Hackers Exploit Critical Confluence Server Flaw to Deploy LockBit Ransomware

Hackers Exploit Critical Confluence Server Flaw to Deploy LockBit Ransomware A recent cyberattack exposed the risks of unpatched servers, as hackers exploited a critical flaw in an Atlassian Confluence instance to deploy LockBit ransomware. The attack leveraged CVE-2023-22527, a remote code execution vulnerability, enabling attackers to run arbitrary commands on the server. This incident underscores […]

Critical Vulnerabilities Detected in HP LaserJet Printers

Critical Vulnerabilities Detected in HP LaserJet Printers HP has released a security advisory regarding critical vulnerabilities affecting multiple LaserJet Pro, LaserJet Enterprise and LaserJet Managed printers. These vulnerabilities, identified as CVE-2025-26506, CVE-2025-26508 and CVE-2025-26507, could enable attackers to execute arbitrary code or escalate privileges by sending specially crafted PostScript print jobs. To mitigate these risks, […]

Phishing Campaign Abuses Webflow CDN & CAPTCHAs to Steals Credit Card Data

Phishing Campaign Abuses Webflow CDN & CAPTCHAs to Steal Credit Card Data A recent cybersecurity report reveals a sophisticated phishing campaign that exploits the Webflow CDN and deceptive CAPTCHA images to steal credit card data. Attackers employ search engine optimization (SEO) tactics to drive victims to malicious PDFs, which lead them through a fake CAPTCHA […]

Chrome Buffer Overflow Vulnerabilities Allow Arbitrary Code Execution

Chrome Buffer Overflow Vulnerabilities Allow Arbitrary Code Execution Google has rolled out an urgent security update for its Chrome browser, patching three vulnerabilities including two critical heap buffer overflow flaws that could enable attackers to execute arbitrary code and seize control of affected systems. The update (version 133.0.6943.126/.127 for Windows/Mac and 133.0.6943.126 for Linux) follows […]

Orion Hackers Ransomware, LockBit 3.0 (LockBit Black)

Orion Hackers Ransomware, LockBit 3.0 (LockBit Black) Orion Hackers is a malicious software variant derived from the LockBit 3.0 (LockBit Black) ransomware. It is designed to encrypt data and extort victims by demanding payment for decryption. It propagates via phishing, software vulnerabilities and malicious downloads, making recovery challenging without backups. Paying the ransom does not […]