Topic: vulnerability disclosure
-
SolarWinds Issues Urgent Patch for Critical Web Help Desk Flaw
SolarWinds has released an urgent hotfix for a critical, unauthenticated remote code execution vulnerability (CVE-2025-26399) in its Web Help Desk software, which poses a severe risk to affected systems. The flaw is a patch bypass for a previous vulnerability and stems from unsafe deserialization...
Read More » -
SolarWinds Patches Critical RCE Flaw in Web Help Desk
SolarWinds has released a critical update for its Web Help Desk software to patch CVE-2025-26399, an unauthenticated remote code execution vulnerability requiring immediate action to prevent system compromise. The flaw, located in the AjaxProxy class, allows remote attackers to execute arbitrary ...
Read More » -
Urgent: NetScaler Zero-Day Exploit Actively Attacked (CVE-2025-7775)
Three critical vulnerabilities have been discovered in Citrix NetScaler ADC and Gateway devices, with CVE-2025-7775 already being actively exploited for remote code execution and denial of service. Citrix has released security updates for affected versions and strongly advises immediate patching,...
Read More » -
UK NCSC Backs Public Disclosure of AI Security Flaws
UK cybersecurity and AI authorities advocate for crowdsourced initiatives to identify and address AI vulnerabilities, emphasizing the rising risks from malicious exploitation of advanced platforms. In response to AI system breaches, developers have launched bug bounty programs to incentivize ethi...
Read More » -
Microsoft Entra ID Flaw Let Attackers Hijack Company Tenants
A critical vulnerability (CVE-2025-55241) in Microsoft's Entra ID could have allowed attackers to gain full control over an organization's tenant by exploiting unsigned "actor tokens" and a weakness in the Azure AD Graph API. The flaw enabled attackers to impersonate any user, escalate privileges...
Read More » -
Urgent CISA Alert: Active Attacks Exploit Critical Linux Sudo Flaw
A critical vulnerability (CVE-2025-32463) in Linux sudo versions 1.9.14 to 1.9.17 allows local attackers to escalate privileges to root using the -R option, even without sudoers file authorization. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known E...
Read More » -
New Ethics Rules for Cybersecurity Research: What You Need to Know
Major cybersecurity conferences are implementing new ethics requirements for research submissions, requiring authors to include stakeholder-based ethics analyses in their papers. A new framework has been developed to help researchers systematically identify all affected parties and assess potenti...
Read More » -
SAP S/4HANA Vulnerability Actively Exploited in Attacks
A critical vulnerability (CVE-2025-42957) in SAP S/4HANA allows attackers to execute unauthorized code and gain administrative control. Despite a patch being available since August 2025, many systems remain unpatched, leading to active exploitation in the wild. Successful attacks can result in se...
Read More » -
Cisco ASA Firewalls Remain Vulnerable to Zero-Day Attacks
Approximately 48,000 Cisco ASA devices remain vulnerable to active zero-day attacks, posing ongoing risks globally, with the majority located in the U.S. and other key countries. Attackers have used advanced tactics, including disabling logging and intercepting commands, to exploit vulnerabilitie...
Read More » -
Critical DrayTek Router Flaw Allows Remote Code Execution
A critical vulnerability (CVE-2025-10547) in DrayTek routers allows unauthenticated remote attackers to execute commands via crafted HTTP/HTTPS requests, potentially leading to system crashes or code execution. DrayTek has released firmware updates for 35 router models and advises immediate insta...
Read More »