flaw
-
A critical security vulnerability has been discovered in the popular WordPress plugin, WP Ghost, which boasts over 200,000 active installations. This flaw, tracked as CVE-2025-26909, concerns an unauthenticated Local File Inclusion (LFI) vulnerability that could potentially lead to Remote Code Execution (RCE) attacks on nearly all server environments. The vulnerability has been addressed in the…
-
A high-severity vulnerability has been identified in the kcp project, a Kubernetes-like control plane designed for multi-tenant environments. The post CVE-2025-29922: Critical Flaw in kcp Lets Attackers Manipulate Any Workspace appeared first on Cybersecurity News.
-
The latest version patches a critical security flaw that could allow a web page to run malicious code in the browser.
-
RCE attacks on Veeam storage could lead to ransomware attacks and data breaches.
-
Noteworthy stories that might have slipped under the radar: Capital One hacker’s sentence reversed, Google patches critical Chrome vulnerability, the story of an Expat flaw. The post In Other News: Critical Chrome Bug, Capital One Hacker Resentencing, Story of Expat Flaw appeared first on SecurityWeek.
-
A pair of security advisories released by CERT@VDE, in coordination with MB connect line and Helmholz, have revealed The post CVE-2024-23943 (CVSS 9.1): Critical Flaw Found in Industrial Communication Devices appeared first on Cybersecurity News.
-
Also: France Temporarily Lifts Pavel Durov’s Travel Ban Amid Telegram Probe. This week, Paragon Solutions spread through WhatsApp, France suspended Pavel Durov’s travel ban, Vapor malware hit 60M Android users, state-backed hackers exploited a Windows flaw, Western Alliance Bank exposed customer data, Apple fixed a passwords bug, and a sperm bank exposed customer information.
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a serious vulnerability in the NAKIVO Backup and Replication software, known as CVE-2024-48248. This vulnerability allows attackers to exploit an absolute path traversal flaw, enabling them to read arbitrary files without authentication. The vulnerability resides in the Director Web Interface of the…
-
Attackers are making use of Windows shortcut (.lnk) files to dupe users into running malicious code on their systems.
-
A major security flaw has been found in RSA encryption keys used across the internet. Researchers discovered that about one in 172 online certificates are at risk due to a mathematical weakness. The issue mainly affects Internet of Things (IoT) devices but could impact any system using improperly generated RSA keys, arising from poor random…
-
A recent vulnerability discovered in a UK National Health Service (NHS) API has once again highlighted the risks associated with insecure mobile application programming interfaces (APIs). The flaw reportedly allowed unauthorized access to sensitive patient data, raising serious concerns about the security of healthcare applications. The post UK NHS API Flaw Exposes Critical Mobile Security…
-
Juniper Networks has released an out-of-cycle security bulletin addressing an actively exploited vulnerability in Junos OS that could The post Juniper Issues Urgent Fix for Actively Exploited Junos OS Flaw – CVE-2025-21590 appeared first on Cybersecurity News.
-
Cisco has issued a security advisory addressing a denial-of-service (DoS) vulnerability in its IOS XR Software. The vulnerability, The post Cisco Alerts on Public Disclosure of CVE-2025-20115 – BGP Flaw Puts Networks at Risk appeared first on Cybersecurity News.
-
Cybersecurity firm ESET has announced that Microsoft has finally patched a long-standing security vulnerability in the Windows NT The post Microsoft Patches 2-Year-Old Windows Kernel Flaw CVE-2025-24983 After Exploitation appeared first on Cybersecurity News.
-
A recently disclosed Edimax zero-day vulnerability has been exploited in the wild by Mirai botnets for nearly a year. The post Unpatched Edimax Camera Flaw Exploited Since at Least May 2024 appeared first on SecurityWeek.
-
Microsoft has released a critical patch for a 2-year-old Windows kernel security vulnerability. This vulnerability, identified as CVE-2025-24983, allows attackers to exploit a weakness in the Windows Win32 Kernel Subsystem, leading to an elevation of privilege. The patch comes after extensive research by security experts, who first detected the exploit in the wild in March…