Topic: vulnerability chaining
-
Critical Security Flaw in Commvault Backup Suite Allows Remote Code Execution
A critical security vulnerability in on-premises Commvault deployments allows unauthenticated attackers to execute remote code by chaining four distinct flaws (CVE-2025-57788, CVE-2025-57789, CVE-2025-57790, and CVE-2025-57791). These vulnerabilities impact essential components like the Web Serve...
Read More » -
SolarWinds Help Desk Flaw Under Active Attack
A critical vulnerability (CVE-2025-40551) in SolarWinds Web Help Desk is under active attack, allowing unauthenticated attackers to execute remote code and gain administrative control, prompting urgent patching orders from US authorities. The flaw is one of four critical vulnerabilities, all with...
Read More » -
CISA Warns of Active Attacks Exploiting Wing FTP Server Flaw
CISA has issued an urgent alert for a vulnerability (CVE-2025-47813) in Wing FTP Server that is being actively exploited to leak sensitive system information and could be chained with a critical remote code execution flaw. The software's developer patched this and other vulnerabilities in May 202...
Read More » -
Google Issues Emergency Chrome Update for 2 Billion Users
Google has issued an emergency security patch for Chrome to address a high-severity vulnerability (CVE-2025-13223) that is already being actively exploited, allowing attackers to execute arbitrary code. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Kn...
Read More » -
Cybercriminals Now Using Government iPhone Hacking Tools
Sophisticated iPhone hacking tools, originally developed for state-sponsored surveillance, are now being used by cybercriminals and foreign espionage groups, highlighting a dangerous market for secondhand exploits. The exploit framework, called Coruna, can compromise iPhones through a "watering h...
Read More »