More results...
A newly disclosed command injection vulnerability (CVE-2025-4230) in Palo Alto Networks PAN-OS software enables authenticated administrators to bypass restrictions and execute arbitrary commands with root privileges. With a CVSS v4.0 score of 5.7 (Medi…
Trend Micro has issued an urgent security bulletin addressing five critical vulnerabilities in its Apex One endpoint security platform that could allow attackers to execute arbitrary code and escalate privileges on affected systems. The vulnerabilities…
Cybersecurity researchers have uncovered the alleged sale of a sophisticated Malware-as-a-Service (MaaS) botnet that combines legitimate development frameworks with cutting-edge evasion techniques. The threat actor is reportedly offering the complete s…
A BitSight report reveals over 40,000 internet-connected security cameras globally are exposed, streaming live footage without protection. Learn how common devices, from home cameras to factory surveillance, pose privacy and security risks and get simp…
A newly disclosed vulnerability, CVE-2025-33073, dubbed the “Reflective Kerberos Relay Attack,” has shaken the Windows security landscape. Discovered by RedTeam Pentesting and patched by Microsoft on June 10, 2025, this flaw allows low-priv…
Palo Alto Networks has released patches for seven vulnerabilities and incorporated the latest Chrome fixes in its products.
The post Palo Alto Networks Patches Privilege Escalation Vulnerabilities appeared first on SecurityWeek.
Security researchers have uncovered the first-ever zero-click vulnerability in an AI agent, targeting Microsoft 365 Copilot and potentially exposing sensitive organizational data through a sophisticated attack chain dubbed “EchoLeak.” The c…
The US CISA reports critical vulnerabilities in SinoTrack GPS devices that could let attackers remotely control vehicles and track locations. Discover the vulnerabilities and essential steps to secure your device.
Security researchers from Binarly have uncovered a major software vulnerability in the Unified Extensible Firmware Interface (UEFI) ecosystem, specifically impacting the Secure Boot mechanism used by almost all modern PCs and servers. Dubbed CVE-2025-3…
Microsoft confirmed a critical security vulnerability (CVE-2025-47176) in Microsoft Office Outlook, enabling attackers to execute arbitrary code. Despite the “Remote Code Execution” title, the attack vector is local, requiring attackers to run code fro…