Hackers Could Take Over Apple Devices Via Malicious Images – Patch Now!
Apple fixes CVE-2025-43300, a flaw letting hackers hijack devices via malicious images. Users urged to update iPhone, iPad,…
Vulnerability
CISA Warns of Actively Exploited 0-Day Vulnerability in Apple iOS, iPadOS, and macOS
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical zero-day vulnerability affecting Apple iOS, iPadOS, and macOS systems that is being actively exploited in the wild. CVE-2025-43300, an out-of-boun…
AI Systems Capable of Generating Working Exploits for CVEs in Just 10–15 Minutes
Cybersecurity researchers have developed an artificial intelligence system capable of automatically generating working exploits for published Common Vulnerabilities and Exposures (CVEs) in just 10-15 minutes at approximately $1 per exploit, fundamental…
Azure Default API Connection Flaw Enables Full Cross-Tenant Compromise
A critical security vulnerability in Microsoft Azure’s API Connection architecture has been discovered that could allow attackers to completely compromise resources across different tenant environments, potentially exposing sensitive data stored …
NIST Releases New Control Overlays to Manage Cybersecurity Risks in AI Systems
The National Institute of Standards and Technology (NIST) has unveiled a comprehensive initiative to address the growing cybersecurity challenges associated with artificial intelligence systems through the release of a new concept paper and proposed ac…
Windows Docker Desktop Vulnerability Allows Full Host Compromise
A critical vulnerability in Docker Desktop for Windows has been discovered that allows any container to achieve full host system compromise through a simple Server-Side Request Forgery (SSRF) attack. The flaw, designated CVE-2025-9074, was patched in D…
14 Million-Download SHA JavaScript Library Exposes Users to Hash Manipulation Attacks
A critical security vulnerability has been discovered in the widely-used sha.js npm package, exposing millions of applications to sophisticated hash manipulation attacks that could compromise cryptographic operations and enable unauthorized access to s…
Warlock Ransomware Exploits SharePoint Flaws for Initial Access and Credential Theft
The Warlock ransomware group has intensified its operations by targeting unpatched on-premises Microsoft SharePoint servers, leveraging critical vulnerabilities to achieve remote code execution and initial network access. This campaign, observed in mid…
AI Browsers Can Be Tricked Into Paying Fake Stores in PromptFix Attack
The PromptFix attack tricks AI browsers with fake CAPTCHAs, leading them to phishing sites and fake stores where…
Paper Werewolf Exploits WinRAR Zero-Day Vulnerability to Deliver Malware
Cyber spies associated with the threat actor group Paper Werewolf have demonstrated advanced capabilities in bypassing email security filters by delivering malware through seemingly legitimate archive files, a tactic that exploits the commonality of su…