Topic: remote execution
-
Microsoft Patches Critical Zero-Day and 63 Flaws
Microsoft's November 2025 Patch Tuesday addresses 63 vulnerabilities, including one actively exploited zero-day and four critical issues, requiring immediate deployment by system administrators. The update includes the first extended security update (ESU) for Windows 10, urging organizations to u...
Read More » -
Microsoft Issues Critical Windows Update Amid Active Attacks
Microsoft has issued an urgent security update for Windows Server to patch a critical vulnerability (CVE-2025-59287) that is actively being exploited, allowing remote code execution with system privileges. Only servers with the WSUS Server Role enabled are vulnerable, and CISA has mandated federa...
Read More » -
Urgent Microsoft Update: Patch Windows 10, 11, Server Now
Microsoft has urgently patched a zero-day vulnerability (CVE-2025-62215) in the Windows Kernel, which is already being actively exploited to gain system-level privileges. The flaw involves improper synchronization in concurrent execution, allowing attackers to escalate privileges after initial ac...
Read More » -
Oracle Fixes Zero-Day Exploited in Clop Ransomware Attacks
Oracle has issued an urgent alert for a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite, allowing unauthenticated remote code execution and actively exploited by the Clop ransomware group for data theft. The vulnerability affects versions 12.2.3 to 12.2.14, with Oracle re...
Read More » -
Google Patches Critical Android Zero-Day Exploits in the Wild
Google has released a security update addressing over 100 Android vulnerabilities, including two actively exploited flaws that could compromise devices without user interaction. Critical vulnerabilities patched include CVE-2025-48543 and CVE-2025-38352, which allow local privilege escalation, and...
Read More » -
Samsung Phones Infected by "Landfall" Spyware for Nearly a Year
The Landfall spyware campaign targeted Samsung Galaxy phones by exploiting a zero-day vulnerability (CVE-2025-21042) to steal personal data without user interaction, using maliciously crafted DNG image files. Samsung released a security patch in April 2025 to fix the vulnerability, and the attack...
Read More » -
CISA Warns of Critical Git Flaw Under Active Exploitation
CISA has issued an urgent warning about a critical vulnerability in Git (CVE-2025-48384) that allows arbitrary code execution and requires federal agencies to patch by September 15th. The flaw arises from improper handling of carriage return characters in configuration files, which attackers can ...
Read More »