Security

Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257)

With two proof-of-concept (PoC) exploits made public late last week, CVE-2025-25257 – a critical SQL command injection vulnerability in Fortinet’s FortiWeb web application firewall – is expected to b …

Published Date:
Jul 14, 2025 (1 day, 3 hours ago)

Vulnerabilities have been mentioned in this article.

Gigabyte motherboards vulnerable to UEFI malware bypassing Secure Boot

Dozens of Gigabyte motherboard models run on UEFI firmware vulnerable to security issues that allow planting bootkit malware that is invisible to the operating system and can survive reinstalls.
The v …

Published Date:
Jul 14, 2025 (23 hours, 54 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-7029

CVE-2025-7028

CVE-2025-7027

CVE-2025-7026

Gigabyte UEFI Firmware Vulnerability Let Attackers Execute Arbitrary Code in the SMM Environment

Critical security vulnerabilities have been discovered in Gigabyte UEFI firmware that could allow attackers to execute arbitrary code in System Management Mode (SMM), one of the most privileged execut …

Published Date:
Jul 14, 2025 (23 hours, 52 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-7029

CVE-2025-7028

CVE-2025-7027

CVE-2025-7026

Wing FTP Server Vulnerability Actively Exploited – 2000+ Servers Exposed Online

Security researchers have confirmed active exploitation of a critical vulnerability in Wing FTP Server, just one day after technical details were publicly disclosed.
The flaw, tracked as CVE-2025-4781 …

Published Date:
Jul 14, 2025 (23 hours, 14 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-47813

CVE-2025-47812

A software-defined radio can derail a US train by slamming the brakes on remotely

When independent security researcher Neil Smith reported a vulnerability in a comms standard used by trains to the US government in 2012, he most likely didn’t expect it would take until 2025 to sort …

Published Date:
Jul 14, 2025 (22 hours, 43 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-1727

CitrixBleed 2 situation update — everybody already got owned

Update time on CVE-2025-5777, after my prior two blogs. The tl;dr version is basically: The ‘good news’, I suspect, is that most orgs will be too lacking in logs to have evidence …

Published Date:
Jul 14, 2025 (21 hours, 26 minutes ago)

Vulnerabilities have been mentioned in this article.

Preventing Zero-Click AI Threats: Insights from EchoLeak

Key Takeaways
EchoLeak is a zero-click AI vulnerability that exploits Copilot’s use of historical contextual data to silently execute hidden prompts without user interaction.
The attack method relies …

Published Date:
Jul 15, 2025 (16 hours, 25 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-32711

CVE-2025-43856: OAuth2 Account Hijacking Flaw Found in Immich, a Popular Self-Hosted Photo Platform

A critical vulnerability has been disclosed in Immich, a rapidly growing open-source project for self-hosted photo and video management, with over 70,000 stars on GitHub. Tracked as CVE-2025-43856 and …

Published Date:
Jul 15, 2025 (16 hours, 21 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-53833

CVE-2025-43856

CVE-2024-9014

HazyBeacon: Novel Backdoor Uses AWS Lambda for Stealthy C2, Targets Govts

Researchers from Unit 42 at Palo Alto Networks have uncovered a novel backdoor—HazyBeacon—used by a threat cluster identified as CL-STA-1020. The campaign, which began in late 2024, has targeted gover …

Published Date:
Jul 15, 2025 (16 hours, 12 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-53833

CVE-2025-43856

CVE-2023-33733

ImageMagick Flaw (CVE-2025-53101): Stack Buffer Overflow Allows Potential Remote Code Execution

A flaw has been discovered in ImageMagick, the widely used open-source image manipulation suite, that could lead to stack buffer overflows under specific conditions involving image filename templates. …

Published Date:
Jul 15, 2025 (15 hours, 46 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-53101

CVE-2025-47812

CVE-2023-34152

CVE-2025-53833 (CVSS 10): Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps

A newly discovered Server-Side Template Injection (SSTI) vulnerability in the widely-used LaRecipe documentation tool has been assigned CVE-2025-53833 and scored a perfect 10.0 CVSS, indicating critic …

Published Date:
Jul 15, 2025 (14 hours, 23 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-53833

CVE-2024-55661

CVE-2024-29291

CVE-2023-34251

20-Year-Old Vulnerability Allows Hackers to Control Train Brakes

CISA has issued a critical advisory warning about a severe vulnerability in railway communication systems that could allow attackers to control train brakes remotely.
The vulnerability, assigned CVE-2 …

Published Date:
Jul 15, 2025 (10 hours, 48 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-1727

CISA Warns of Wing FTP Server Vulnerability Actively Exploited in Attacks

CISA has issued an urgent warning about a critical vulnerability in Wing FTP Server that is being actively exploited by cybercriminals.
The vulnerability, tracked as CVE-2025-47812, poses significant …

Published Date:
Jul 15, 2025 (8 hours, 10 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-47812

PoC Exploit Released for High-Severity Git CLI Arbitrary File Write Vulnerability

A critical vulnerability in Git CLI enables arbitrary file writes on Linux and macOS systems, with working proof-of-concept exploits now publicly available.
CVE-2025-48384, assigned a CVSS severity sc …

Published Date:
Jul 15, 2025 (5 hours, 12 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-47812

CVE-2025-48384

Security research: CitrixBleed 2 exploited on a large scale

Cybercriminals are exploiting the CitrixBleed 2 vulnerability (CVE-2025-5777) on a large scale, warns British security researcher Kevin Beaumont. Since June, attackers from …

Published Date:
Jul 15, 2025 (4 hours, 52 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-5777

CVE-2025-48384 affects Git Cli

July 15, 2025: Git, the widely-used version control system, has been found vulnerable to two high-severity security flaws that could allow attackers to achie …

Published Date:
Jul 15, 2025 (4 hours, 9 minutes ago)

Vulnerabilities have been mentioned in this article.

CISA: ‘Train braking systems can be manipulated via vulnerability in protocol’

The US CISA is warning of a vulnerability that allows malicious actors to manipulate the brakes of trains. It concerns a security problem in a protocol that is used for the …

Published Date:
Jul 15, 2025 (4 hours, 6 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-1727

Vulnerable firmware for Gigabyte motherboards could allow bootkit installation

UEFI firmware running on 100+ Gigabyte motherboard models is affected by memory corruption vulnerabilities that may allow attackers to install persistent and difficult-to-detect bootkits (i.e., malwar …

Published Date:
Jul 15, 2025 (3 hours, 9 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-4919: Corruption via Math Space in Mozilla Firefox

In recent years, there has been an increase in interest in JavaScript engine vulnerabilities in order to compromise web browsers. Notably, vulnerabilities in JIT engines are among the most favorite on …

Published Date:
Jul 15, 2025 (1 hour, 57 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-4919