Critical Flaws in Ingress NGINX Controller Enable Remote Code Execution A newly disclosed set of five severe vulnerabilities, dubbed IngressNightmare by cloud security firm Wiz, has put more than 6,500 Kubernetes clusters at risk. These critical flaws impact the Ingress…
A newly disclosed vulnerability in the Next.js React framework has been assigned a CVSS score of 9.1, marking it as a critical security risk. Tracked as CVE-2025-29927, the flaw can be exploited under specific conditions to bypass middleware-based authorization checks,…
Two Critical Vulnerabilities Expose Administrative Access Two now-patched but previously critical vulnerabilities in Cisco Smart Licensing Utility are being actively exploited in the wild, according to reports from the SANS Internet Storm Center. These flaws affect versions 2.0.0, 2.1.0, and…
At least 11 state-sponsored hacking groups from North Korea, Iran, Russia, and China have been actively exploiting a newly uncovered Windows zero-day vulnerability in cyber espionage and data theft attacks since 2017. Despite clear evidence of exploitation, Microsoft has declined…
The U.S. Cybersecurity and Infrastructure Security Agency has identified a significant security flaw affecting NAKIVO Backup & Replication software, adding it to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation in the wild. The vulnerability, tracked as CVE-2024-48248…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly discovered vulnerability linked to the supply chain compromise of the GitHub Actions, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2025-30066, has been assigned…
A newly disclosed security flaw in Apache Tomcat is being actively exploited, following the release of a public proof-of-concept (PoC) just 30 hours after its disclosure. Affected Apache Tomcat Versions The vulnerability, tracked as CVE-2025-24813, impacts the following versions: Apache…
Security researcher Yohanes Nugroho has developed a decryptor for the Linux variant of Akira ransomware. The tool leverages GPU power to retrieve decryption keys, allowing victims to unlock their encrypted files for free. Development of Akira Decryptor Nugroho began working…
Users searching for pirated software are now prime targets for a new malware campaign that distributes a previously undocumented clipper malware called MassJacker, according to findings from CyberArk. A New Threat in the Piracy Scene Clipper malware is designed to…
Meta has issued a security advisory regarding a newly discovered vulnerability in the FreeType open-source font rendering library. Tracked as CVE-2025-27363, this flaw has been assigned a CVSS score of 8.1, categorizing it as a high-severity issue. Security experts warn…
Apple has released an important security update to fix a newly discovered zero-day vulnerability that has reportedly been exploited in “extremely sophisticated” cyberattacks. The flaw, identified as CVE-2025-24201, affects the WebKit browser engine and could allow attackers to execute arbitrary…
Google has rolled out its monthly Android Security Bulletin for March 2025, fixing a total of 44 vulnerabilities, including two high-severity flaws that have been actively exploited in the wild. Critical Vulnerabilities Under Active Exploitation Among the patched vulnerabilities, two…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog by adding two significant security flaws – one affecting Adobe ColdFusion and the other impacting Oracle Agile Product Lifecycle Management (PLM). CVE-2017-3066 in…
FortiGuard Labs has detected a new variant of the Snake Keylogger (also known as 404 Keylogger) using the advanced features of FortiSandbox v5.0 (FSAv5). This new strain, identified as AutoIt/Injector.GTY!tr, has triggered over 280 million blocked infection attempts worldwide. The…
Security researchers have uncovered critical printer vulnerabilities in Xerox VersaLink C7025 Multifunction Printers (MFPs). These flaws could allow attackers to capture authentication credentials via pass-back attacks using Lightweight Directory Access Protocol (LDAP) and SMB/FTP services. Overview of the Vulnerabilities Deral…
A newly identified search engine optimization manipulation campaign has compromised the security of Internet Information Services (IIS) servers worldwide. Trend Micro researchers have uncovered a financially motivated SEO manipulation attack leveraging malware known as BadIIS, targeting organizations across Asia and…
New threats surface almost every day, each with its own unique characteristics and degrees of severity. One such threat that first appeared 2021 has caught the attention of security experts worldwide is the “Pink Botnet.” Unlike everyday malware that primarily…
Netgear has released security updates addressing two critical vulnerabilities affecting several WiFi router models and has strongly urged users to update their firmware immediately. These vulnerabilities could allow unauthenticated attackers to execute remote code or bypass authentication, creating a serious…
Microsoft has addressed two critical security vulnerabilities that posed potential threats to its cloud-based services. The patches resolve security flaws affecting Azure AI Face Service and Microsoft Account, both of which could have allowed malicious actors to escalate privileges under…
Over the past month, cybersecurity experts at FortiGuard Labs have identified a series of malicious Windows Shortcut (LNK) files containing PowerShell commands. These files serve as the initial stage of a sophisticated cyberattack aimed at delivering the Coyote Banking Trojan,…
