CVE-2025-29927: Next.js Vulnerability Exposes Websites to Authorization Bypass
A vulnerability in Next.js, an open-source React framework, could allow attackers to bypass authorization mechanisms, exposing web applications to security […]
Massive Oracle Cloud Hack Exposes 140,000 Enterprises: Hackers Demand Ransom
A massive security breach in Oracle Cloud has put over 140,000 enterprise customers at risk. A hacker exploited a vulnerability
Microsoft’s Code-Signing Service Misused for Malware Attacks
Cyber experts have disclose a way to exploit Microsoft’s Trusted Signing service to sign malware with short-lived three-day certificates, giving
UK’s NCSC Issues Roadmap for Post-Quantum Cryptography Transition
The UK’s National Cyber Security Centre (NCSC) has issued new guidance urging organizations to fully transition to post-quantum cryptography (PQC)
CVE-2025-23120: Veeam Fixes High-Risk Flaw Targeted by Ransomware Gangs
Veeam has released an important security update to fix a critical remote code execution (RCE) vulnerability in its Backup &
Persistent Malware ‘DollyWay’ Infects 20,000 WordPress Sites Since 2016
A large-scale malware campaign known as ‘DollyWay’ has been silently compromising WordPress websites since 2016. Over the past eight years,
NAKIVO Backup Vulnerability Under Attack: CISA Issues Urgent Alert
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised alarms over a newly exploited security flaw in NAKIVO Backup
GitHub Actions Breach Exposes Secrets: CISA Issues Alert
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively exploited vulnerability affecting GitHub Actions,
Severe AMI MegaRAC Vulnerability Exposes Data Centers to Attacks
A critical vulnerability in American Megatrends International’s (AMI) MegaRAC Baseboard Management Controller (BMC) software poses a severe risk to data
Critical Apache Tomcat RCE Flaw (CVE-2025-24813) Actively Exploited – Patch Now!
A remote code execution (RCE) vulnerability in Apache Tomcat, tracked as CVE-2025-24813, is currently being exploited in the wild. This
Hackers Use ClickFix to Steal Data from Hospitality Firms via Booking.com Scam
A new phishing campaign dubbed ‘ClickFix’ is impersonating Booking.com to infiltrate hospitality businesses and deploy multiple types of infostealing malware.
Critical FreeType Bug (CVE-2025-27363) Puts Linux Systems at Risk
Meta has issued a warning regarding a critical security flaw in the FreeType open-source font rendering library, highlighting potential active
Microsoft’s March Update: 57 Vulnerabilities Fixed, 6 Zero-Days Patched
Microsoft has rolled out its latest Patch Tuesday update, addressing 57 security vulnerabilities, including six zero-day flaws that are currently
Advanced SideWinder APT Hacks Critical Infrastructure Across The World
Cybersecurity experts have uncovered a new wave of attacks by the SideWinder advanced persistent threat (APT) group, targeting maritime, nuclear,
CVE-2024-4577: Critical PHP-CGI RCE Flaw Under Active Exploitation
A cyberattack campaign is actively targeting Japan’s technology, telecommunications, entertainment, education, and e-commerce industries. The attackers are exploiting CVE-2024-4577, a