vulnerability
Android gets patches for Qualcomm flaws exploited in attacks
Google has released security patches for six vulnerabilities in Android’s August 2025 security update, including two Qualcomm flaws exploited in targeted attacks. The two security bugs, tracked as CVE-2025-21479 and CVE-2025-27038, were reported through the Google Android Security team in late January 2025. The first is a Graphics framework incorrect authorization weakness that can lead to memory corruption […]
Microsoft now pays up to $40,000 for some .NET vulnerabilities
Microsoft has expanded its .NET bug bounty program and increased rewards to $40,000 for some .NET and ASP.NET Core vulnerabilities. Madeline Eckert, a senior program manager for Researcher Incentives and Bounty at Microsoft, stated that these changes aim to more accurately reflect the complexity involved in discovering and exploiting .NET vulnerabilities. “We’re excited to announce […]
Spikes in malicious activity precede new security flaws in 80% of cases
Researchers have found that in roughly 80% of cases, spikes in malicious activity like network reconnaissance, targeted scanning, and brute-forcing attempts targeting edge networking devices are a precursor to the disclosure of new security vulnerabilities (CVEs) within six weeks. This has been discovered by threat monitoring firm GreyNoise, which reports these occurrences are not random, […]
Hackers actively exploit critical RCE in WordPress Alone theme
Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme ‘Alone,’ to achieve remote code execution and perform a full site takeover. Wordfence is reporting the malicious activity, saying it has blocked over 120,000 exploitation attempts targeting its customers. The WordPress security firm also reports that the attacks started […]
Apple patches security flaw exploited in Chrome zero-day attacks
Apple has released security updates to address a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users. Tracked as CVE-2025-6558, the security bug is due to the incorrect validation of untrusted input in the ANGLE (Almost Native Graphics Layer Engine) open-source graphics abstraction layer, which processes GPU commands and translates OpenGL ES […]
New Lenovo UEFI firmware updates fix Secure Boot bypass flaws
Lenovo is warning of high-severity BIOS flaws that could let attackers bypass Secure Boot on all-in-one desktops using customized Insyde UEFI firmware. Devices confirmed to be impacted are IdeaCentre AIO 3 24ARR9 and 27ARR9, and the Yoga AIO 27IAH10, 32ILL10, and 32IRH8. UEFI is the modern replacement for the traditional PC BIOS, acting as a […]
Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware
Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company. Cybersecurity firm Darktrace discovered the attack during an incident response in April 2025, where an investigation revealed that the Auto-Color malware had evolved to include additional advanced evasion tactics. Darktrace reports […]
Lovense sex toy app flaw leaks private user email addresses
The connected sex toy platform Lovense is vulnerable to a zero-day flaw that allows an attacker to get access to a member’s email address simply by knowing their username, putting them at risk of doxxing and harassment. Lovense is an interactive sex toy manufacturer, best known for producing app-controlled sex toys with names like the Lush, […]
Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data
Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information, including Apple Intelligence cached data. TCC is a security technology and a privacy framework that blocks apps from accessing private user data by providing macOS control over how their data is accessed and […]
Exploit available for critical Cisco ISE bug exploited in attacks
Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE). The critical vulnerability was first disclosed on June 25, 2025, with Cisco warning that it impacts ISE and ISE-PIC versions 3.3 and 3.4, allowing unauthenticated, remote attackers to […]