After Microsoft’s recent patch for two critical zero-day vulnerabilities in SharePoint (CVE-2025-53770, CVE-2025-53771), Google has followed with its own urgent response. Tech giant has issued a Chrome security update to address multiple flaws, including a severe use-after-free vulnerability in the Media Stream component (CVE-2025-8292). This high-risk bug is easy to exploit, requires no authentication, and […]
This summer saw a surge of critical vulnerabilities impacting Microsoft products. A new RCE vulnerability in Windows, tracked as CVE-2025-33053, had been actively weaponized by the Stealth Falcon APT group. At the same time, another severe flaw, dubbed EchoLeak (CVE-2025-32711), was uncovered in Microsoft Copilot, enabling silent data exfiltration via email with no user interaction […]
As the summer heat continues to climb, so does the surge of critical vulnerabilities in popular software products, intensifying the global cyber threat landscape. Hot on the heels of the disclosure of CVE-2025-25257, a critical flaw in Fortinet’s FortiWeb web application firewall, another high-impact vulnerability has emerged. Adversaries are exploiting a critical zero-day vulnerability in […]
Following the recent disclosure of CVE-2025-47981, a critical heap-based buffer overflow in Windows SPNEGO Extended Negotiation, security teams now face another major threat, this time affecting Fortinet’s FortiWeb web application firewall. Designated as CVE-2025-25257 and assigned a CVSS score of 9.6, this vulnerability is an unauthenticated SQL injection flaw that allows attackers to execute arbitrary […]
With over 1.4 billion devices running Windows and widespread adoption of Microsoft 365 and Azure, Microsoft technologies continue to form the foundation of modern enterprise infrastructure. However, this ubiquity also makes them an attractive target for threat actors. According to the 2025 BeyondTrust Microsoft Vulnerabilities Report findings, 2024 saw a record-breaking 1,360 Microsoft-related vulnerabilities — […]
Shortly after the disclosure of two Sudo-related local privilege escalation vulnerabilities affecting major Linux distributions, attention has shifted to a critical security issue in NetScaler ADC, which has already been exploited in the wild. The vulnerability tracked as CVE-2025-5777 is characterized as a memory overflow issue that may lead to unexpected control flow and potential […]
Following the disclosure of two local privilege escalation (LPE) vulnerabilities, CVE-2025-6018 and CVE-2025-6019, less than a month ago, that impact major Linux distributions, a new wave of security flaws targeting Linux systems has recently emerged. Security researchers have identified two local privilege escalation vulnerabilities, tracked as CVE-2025-32462 and CVE-2025-32463, that affect a widely used Sudo […]
As the summer heat intensifies, so does the wave of critical vulnerabilities heating up the cyber threat landscape. Hot on the heels of the disclosure of the CVE-2025-49144 vulnerability in Notepad++, multiple critical flaws in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) have come to light. The newly identified flaws tracked […]
The summer season has proven to be alarmingly hot, not due to rising temperatures, but because of a surge in critical cybersecurity vulnerabilities. Threat actors have ramped up exploitation efforts, targeting widely used software and systems. Recent examples include CVE-2025-6018 and CVE-2025-6019, two local privilege escalation (LPE) flaws targeting major Linux distributions, as well as […]
June has been a challenging month for cybersecurity teams, with a wave of high-impact vulnerabilities disrupting the threat landscape. After the disclosure of a newly patched XSS zero-day in Grafana (CVE-2025-4123), affecting over 46,500 active instances, two other critical flaws have surfaced that can be chained together, significantly increasing the potential for exploitation. Adversaries can […]