Topic: security advisories

Sort by: Relevance | Date
  • Google, Apple Issue Emergency Patches for Zero-Day Exploits
    December 14, 2025

    Google, Apple Issue Emergency Patches for Zero-Day Exploits

    Google and Apple issued emergency patches for actively exploited zero-day vulnerabilities, highlighting the threat from advanced, likely state-sponsored hacking operations. The vulnerabilities were identified through a joint effort by Apple's security team and Google's Threat Analysis Group, whic...

    Read More »
  • Urgent Microsoft Update: Patch Windows 10, 11, Server Now
    November 16, 2025

    Urgent Microsoft Update: Patch Windows 10, 11, Server Now

    Microsoft has urgently patched a zero-day vulnerability (CVE-2025-62215) in the Windows Kernel, which is already being actively exploited to gain system-level privileges. The flaw involves improper synchronization in concurrent execution, allowing attackers to escalate privileges after initial ac...

    Read More »
  • Malicious 'IndonesianFoods' Worm Floods npm With 100K Packages
    November 15, 2025

    Malicious 'IndonesianFoods' Worm Floods npm With 100K Packages

    A self-propagating npm package called 'IndonesianFoods' has flooded the registry with over 100,000 junk packages, using random Indonesian names and food terms, though they currently contain no harmful code. The attack aims to overwhelm security systems and disrupt the software supply chain, with ...

    Read More »
  • Critical runC Flaws Let Hackers Escape Docker Containers
    November 11, 2025

    Critical runC Flaws Let Hackers Escape Docker Containers

    Three critical vulnerabilities (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) in runC allow attackers to escape Docker and Kubernetes containers and gain root access to the host system by exploiting flaws in bind mounts and symbolic link handling. Successful exploitation requires starting conta...

    Read More »
  • QNAP Patches Critical Zero-Day Flaws Exploited at Pwn2Own
    November 9, 2025

    QNAP Patches Critical Zero-Day Flaws Exploited at Pwn2Own

    QNAP has urgently patched seven critical zero-day vulnerabilities exploited during the Pwn2Own Ireland 2025 contest, affecting core components like QTS/QuTS hero operating systems and applications such as Hyper Data Protector and HBS 3. The company advises users to install the latest software upd...

    Read More »
  • Microsoft GoAnywhere Flaw Fuels Ransomware Attacks
    October 14, 2025

    Microsoft GoAnywhere Flaw Fuels Ransomware Attacks

    A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT platform is being exploited by ransomware attackers, allowing remote access without user interaction. The cybercrime group Storm-1175, linked to Medusa ransomware, is actively using this flaw to gain initial access, deploy remot...

    Read More »
  • Networking Devices Still at Risk from Pixie Dust Attacks
    September 22, 2025

    Networking Devices Still at Risk from Pixie Dust Attacks

    A decade-old security flaw known as the pixie dust attack continues to threaten networks by exploiting weaknesses in the Wi-Fi Protected Setup (WPS) protocol, allowing unauthorized access through brute-forcing the PIN in seconds. Recent analysis of 24 networking devices found that only four were ...

    Read More »
  • Microsoft, Adobe, SAP Issue Critical September 2025 Patch Tuesday Updates
    September 11, 2025

    Microsoft, Adobe, SAP Issue Critical September 2025 Patch Tuesday Updates

    The September 2025 Patch Tuesday included critical security updates from Microsoft, Adobe, and SAP, addressing numerous vulnerabilities not currently under active exploitation. Microsoft patched over 80 flaws, including a privilege escalation issue in Windows NTLM and a high-risk remote code exec...

    Read More »

Related Topics

zero-day exploits (4) privilege escalation (2) active exploitation (2) patch tuesday (2) windows vulnerabilities (2) cve identifiers (2) software updates (2) wi-fi security (1)