Hot on the heels of the CVE-2025-1449 disclosure, a vulnerability in Rockwell Automation software, another critical security issue affecting widely used software products is now drawing the attention of the defenders. CVE-2025-29824 is a zero-day vulnerability in the Windows Common Log File System (CLFS) that gives threat actors the green light to escalate privileges to […]
Hard on the heels of the disclosure of CVE-2025-24813, a RCE flaw in Apache Tomcat actively leveraged in the wild shortly after the release of its PoC, another vulnerability identified as CVE-2025-1449 that can be exploited remotely comes into the spotlight. Once weaponized, CVE-2025-1449 gives admin-level threat actors the green light to run arbitrary commands. […]
Heads-up for Kubernetes admins! A batch of five critical vulnerabilities called “IngressNightmare” (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974) affecting Ingress NGINX have been recently patched, posing a serious risk to the clusters. With over 40% of Kubernetes environments relying on Ingress NGINX, swift action is crucial to safeguard your systems and data against RCE attacks. […]
Hot on the heels of the disclosure of CVE-2025-24813, a newly uncovered RCE vulnerability in Apache Tomcat—actively exploited just 30 hours after its public disclosure and PoC release—another critical security threat has now emerged. Tracked as CVE-2025-29927, the newly uncovered vulnerability has been identified in the Next.js React framework, potentially giving adversaries the green light […]
A newly revealed RCE vulnerability in Apache Tomcat is under active exploitation, just 30 hours after its public disclosure and the release of a PoC. The successful exploitation of CVE-2025-24813 gives adversaries the green light to remotely execute code on targeted systems by leveraging unsafe deserialization. Detect CVE-2025-24813 Exploitation Attempts With the sharp increase in […]
Hot on the heels of the exploitation attempts of the medium-severity vulnerability in Espressif ESP32 Bluetooth chips, leveraged in over 1 billion devices, another security issue in a widely popular product, a cross-platform browser engine, WebKit, poses an increasing threat to organizations and individual users worldwide. Tracked as CVE-2025-24201, the newly uncovered zero-day vulnerability is […]
Following the disclosure of an authorization bypass vulnerability in the Motorola Mobility Droid Razr HD (Model XT926), another major security flaw in a widely used product now threatens global organizations with unauthorized access and potential control over critical systems. The ESP32 microchip by Espressif, found in over 1 billion devices as of 2023, contains 29 […]
Hot on the heels of the disclosure of CVE-2025-1001, a novel Medixant RadiAnt DICOM Viewer vulnerability, another security issue emerges in the cyber threat landscape. A newly identified flaw, CVE-2025-25730, affects the Mobility Droid Razr HD (Model XT926) and enables nearby unauthorized attackers to access USB debugging, potentially compromising the host device. With cyber threats […]
A new day, a new menace for cyber defenders. A novel vulnerability in Medixant RadiAnt DICOM Viewer—a popular PACS DICOM viewer for medical imaging—allows hackers to execute machine-in-the-middle (MitM) attacks. GitHub reports that by late 2024, an average of 115 CVEs were disclosed daily, with a 124% rise in cyberattacks exploiting vulnerabilities in Q3 2024. […]
A novel max-severity RCE vulnerability (CVE-2025-27364) in MITRE Caldera poses a serious risk of system compromise. The flaw can also be chained with another Parallels Desktop security issue, CVE-2024-34331, to double the risks of threats. If exploited, these security issues could provide hackers with full system control, causing unauthorized access, data breaches, and further lateral […]