WhatsApp has patched a critical zero-click vulnerability (CVE-2025-55177) on iOS and macOS. Learn how it was chained with an Apple flaw for targeted spyware attacks.
Zoom and Xerox have rolled out critical security updates to fix high-severity flaws in their products. A significant vulnerability in Zoom Clients for Windows could allow for privilege escalation, while multiple issues in Xerox FreeFlow Core could lead to remote code execution (RCE). Security teams have detailed the vulnerabilities, including CVE-2025-49457 for Zoom and CVE-2025-8356 for Xerox, urging users to update their systems immediately to prevent potential exploitation by attackers.
Discover the surge in Erlang/OTP SSH RCE exploits (CVE-2025-32433) targeting OT firewalls. Learn how attackers are achieving RCE without authentication.
SafeBreach researchers have unveiled 'Win-DDoS,' a novel attack that turns public domain controllers into a powerful DDoS botnet. This method exploits RPC and LDAP flaws to amplify traffic without credentials or code execution, manipulating the LDAP URL referral process to redirect thousands of DCs to a victim's server. What makes this technique dangerous is its stealth and efficiency; it requires no purchased infrastructure and leaves no traceable footprint, turning the Windows platform itself into both a weapon and a victim.
Researchers discovered the ECScape flaw in Amazon ECS, enabling cross-task credential theft and privilege escalation. Learn how it works and how to mitigate it.
Trend Micro has confirmed that critical vulnerabilities in its on-premise Apex One security solution are being actively exploited in the wild. The flaws, tracked as CVE-2025-54948 and CVE-2025-54987, both carry a severe 9.4 CVSS score and can lead to remote code execution (RCE). While Trend Micro has patched its cloud offering, on-premise customers must apply a temporary fix tool immediately to protect against these threats, with a full patch expected in mid-August 2025. System administrators are urged to apply the fix and review remote access policies.
Google's August 2025 Android update patches two actively exploited Qualcomm zero-day vulnerabilities. Learn about CVE-2025-21479 and CVE-2025-27038 and why you must update your device now.
A critical vulnerability, CVE-2025-23266, in NVIDIA's Container Toolkit allows for complete server takeover on shared AI cloud services with a simple exploit.
CISA warns of active exploitation of CVE-2016-10033 in PHPMailer, urging organizations to patch by July 28, 2025, to prevent system compromise.
Newer posts