Type Confusion in V8 in Google Chrome Vulnerabilities
Type Confusion in V8 in Google Chrome Vulnerabilities Google Chrome has recently addressed two critical vulnerabilities, CVE-2025-1920 and CVE-2025-2135, both stemming from type confusion issues in the V8 JavaScript engine. These vulnerabilities could allow remote attackers to execute arbitrary code by tricking users into visiting specially crafted web pages. To mitigate these risks, users are […]
Commvault Reported Critical Webserver Vulnerability
Commvault Reported Critical Webserver Vulnerability Commvault has recently patched a critical vulnerability in its software affecting versions 11.20 to 11.36. This flaw, present in both Linux and Windows platforms, could enable attackers to deploy webshells on web servers, potentially granting unauthorized system access. If exploited, the vulnerability could result in data breaches and other malicious […]
Critical Security Vulnerabilities in Extreme Networks HiveOS
Critical Security Vulnerabilities in Extreme Networks HiveOS Security researchers have identified three critical vulnerabilities in Extreme Networks’ IQ Engine HiveOS when exploited together allow authenticated attackers to escalate privileges, decrypt passwords and execute arbitrary commands on vulnerable systems. The vulnerabilities, identified as CVE-2025-27229, CVE-2025-27228, and CVE-2025-27227, were found by the efforts of Lukas Schauer from […]
PoC Exploit Released for F5 BIG-IP – Command Injection CVE-2025-20029
PoC Exploit Released for F5 BIG-IP – Command Injection CVE-2025-20029 Researchers have released a proof-of-concept showing how authenticated attackers can exploit the vulnerability (CVE-2025-20029) to execute commands as root, gaining complete system control. The flaw, with a CVSS score of 8.8, stems from improper argument handling in the iControl REST API and TMOS Shell. Immediate […]
Critical Vulnerabilities Detected in HP LaserJet Printers
Critical Vulnerabilities Detected in HP LaserJet Printers HP has released a security advisory regarding critical vulnerabilities affecting multiple LaserJet Pro, LaserJet Enterprise and LaserJet Managed printers. These vulnerabilities, identified as CVE-2025-26506, CVE-2025-26508 and CVE-2025-26507, could enable attackers to execute arbitrary code or escalate privileges by sending specially crafted PostScript print jobs. To mitigate these risks, […]
Lazarus Group Deploys Sophisticated Infostealer Malware
Lazarus Group Deploys Sophisticated Infostealer Malware North Korea’s Lazarus Group is targeting software developers and IT experts through an advanced infostealer malware campaign. Utilizing malicious Python scripts, fake job interviews, and social engineering, they steal sensitive data and establish persistent access to systems. The malware incorporates multiple layers of encoding and evasion techniques, ultimately delivering […]
Ivanti Addresses Critical Vulnerabilities Affecting Several Products
Ivanti Addresses Critical Vulnerabilities Affecting Several Products Ivanti has disclosed critical vulnerabilities in its Connect Secure, Policy Secure, Secure Access Client and Cloud Services Application products. These flaws could enable remote code execution, unauthorized data access and system compromise. The most severe issues include stack-based buffer overflows and OS command injection vulnerabilities. Ivanti strongly advises […]
DeepSeek iOS App has Severe Security Flaws
DeepSeek iOS App has Severe Security Flaws The DeepSeek app has gained popularity among iPhone users since its launch, even reaching the top of the App Store charts in the US. A recent analysis by researchers has revealed multiple critical vulnerabilities in the DeepSeek iOS app, posing significant risks to individuals, businesses and government […]
Microsoft Fixes Critical Vulnerability in Azure Ai Face Service
Microsoft Fixes Critical Vulnerability in Azure Ai Face Service Microsoft has addressed two critical security vulnerabilities: one in Azure AI Face Service (CVE-2025-21415, CVSS 9.9) and another in Microsoft Account (CVE-2025-21396, CVSS 7.5), both of which could enable privilege escalation. The Azure AI Face Service flaw resulted from an authentication bypass, while the Microsoft Account […]
Critical Vulnerability Discovered in SonicWall SMA 1000 Series
Critical Vulnerability Discovered in SonicWall SMA 1000 Series Summary SonicWall has issued a critical security advisory for its SMA1000 appliances, revealing a high-severity pre-authentication remote command execution vulnerability (CVE-2025-23006) with a CVSS score of 9.8. This flaw, caused by the deserialization of untrusted data, affects Appliance Management Console (AMC) and Central Management Console (CMC) products […]