vulnerability
UK launches vulnerability research program for external experts
UK’s National Cyber Security Centre (NCSC) has announced a new Vulnerability Research Initiative (VRI) that aims to strengthen relations with external cybersecurity experts. The agency already conducts internal vulnerability research on a wide range of technologies and will continue to do so. However, the launch of VRI will create a parallel program designed to improve […]
Gigabyte motherboards vulnerable to UEFI malware bypassing Secure Boot
Dozens of Gigabyte motherboard models run on UEFI firmware vulnerable to security issues that allow planting bootkit malware that is invisible to the operating system and can survive reinstalls. The vulnerabilities could allow attackers with local or remote admin permissions to execute arbitrary code in System Management Mode (SMM), an environment isolated from the operating […]
Hackers are exploiting critical RCE flaw in Wing FTP Server
Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public. The observed attack ran multiple enumeration and reconnaissance commands followed by establishing persistence by creating new users. The exploited Wing FTP Server vulnerability is tracked as CVE-2025-47812 and received the highest severity […]
‘123456’ password exposed chats for 64 million McDonald’s job applicants
Cybersecurity researchers discovered a vulnerability in McHire, McDonald’s chatbot job application platform, that exposed the chats of more than 64 million job applicants across the United States. The flaw was discovered by security researchers Ian Carroll and Sam Curry, who found that the ChatBot’s admin panel utilized a test franchise that was protected by weak […]
CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes. Such a short deadline for installing the patches is unprecedented since CISA released the Known Exploited Vulnerabilities (KEV) catalog, showing the severity of […]
Ruckus Networks leaves severe flaws unpatched in management devices
Multiple vulnerabilities that remain unpatched in Ruckus Wireless management products could be exploited to fully compromise the network environment they serve. The issues affect Ruckus Wireless Virtual SmartZone (vSZ) and Ruckus Network Director (RND), and range from uauthenticated remote code execution to hardcoded passwords or SSH public and private keys. Ruckus vSZ is a centralized wireless […]
New ServiceNow flaw lets attackers enumerate restricted data
A new vulnerability in ServiceNow, dubbed Count(er) Strike, allows low-privileged users to extract sensitive data from tables to which they should not have access. ServiceNow is a cloud-based platform that enables organizations to manage digital workflows for their enterprise operations. It is widely adopted across various industries, including public sector organizations, healthcare, financial institutions, and large […]
Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws
Today is Microsoft’s July 2025 Patch Tuesday, which includes security updates for 137 flaws, including one publicly disclosed zero-day vulnerability in Microsoft SQL Server. This Patch Tuesday also fixes fourteen “Critical” vulnerabilities, ten of which are remote code execution vulnerabilities, one is an information disclosure, and two are AMD side channel attack flaws. The number […]
Windows 10 KB5062554 cumulative update released with 13 changes, fixes
Microsoft has released the KB5062554 cumulative update for Windows 10 22H2 and Windows 10 21H2, with thirteen new fixes or changes. The Windows 10 KB5062554 update is mandatory as it contains Microsoft’s July 2025 Patch Tuesday security updates, which fix one zero-day vulnerability and 136 other flaws. Windows users can install this update by going into Settings, clicking on Windows Update, and […]
Public exploits released for Citrix Bleed 2 NetScaler flaw, patch now
Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens. The CitrixBleed 2 vulnerability, which affects Citrix NetScaler ADC and Gateway devices, allows attackers to retrieve memory contents simply by sending malformed POST requests […]