Security News

Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk
2025-03-13 07:13

Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has been assigned the CVE identifier...

Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
2025-03-12 04:02

Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in "extremely sophisticated" attacks. The vulnerability has been assigned the CVE identifier...

Critical PHP RCE vulnerability mass exploited in new attacks
2025-03-11 14:26

Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. [...]

Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Targets Over 6,000 Devices
2025-03-11 12:30

Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution...

Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches
2025-03-11 06:45

Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The...

Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
2025-03-06 12:33

Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code...

Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks
2025-03-03 13:56

Threat actors have been exploiting a security vulnerability in Paragon Partition Manager's BioNTdrv.sys driver in ransomware attacks to escalate privileges and execute arbitrary code. The zero-day...

MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364)
2025-02-28 14:44

Users of the MITRE Caldera cyber security platform have been urged to plug a critical hole (CVE-2025–27364) that may allow unauthenticated attackers to achieve remote code execution. About MITRE...

Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363)
2025-02-27 09:27

A high-severity vulnerability (CVE-2025-23363) in the Siemens Teamcenter product lifecycle management (PLM) software could allow an attacker to steal users’ valid session data and gain...

Wallbleed vulnerability unearths secrets of China's Great Firewall 125 bytes at a time
2025-02-27 00:52

Boffins poked around inside censorship engines for years before Beijing patched hole Smart folks investigating a memory-dumping vulnerability in the Great Firewall of China (GFW) finally released...