PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution
Researchers have uncovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting PostgreSQL’s interactive terminal tool, psql.
This flaw was identified during research into the exploitation of CVE-2024-12356, a remote code execution (RCE) vulnerability in BeyondTrust Privileged...
WinZip Vulnerability Let Remote Attackers Execute Arbitrary Code
A newly disclosed high-severity vulnerability in WinZip, tracked as CVE-2025-1240, enables remote attackers to execute arbitrary code on affected systems by exploiting malformed 7Z archive files.
The flaw, rated 7.8 on the CVSS scale, impacts...
Hackers Actively Exploiting New PAN-OS Authentication Bypass Vulnerability
Palo Alto Networks has released a patch for a high-severity authentication bypass vulnerability, identified as CVE-2025-0108, affecting their PAN-OS software. GreyNoise has observed active exploitation attempts targeting this vulnerability.
The flaw allows unauthenticated attackers to bypass...
Hackers Exploiting ThinkPHP & ownCloud Vulnerabilities at Large Scale
A recent surge in exploitation activity has been observed targeting two critical vulnerabilities, CVE-2022-47945 in ThinkPHP and CVE-2023-49103 in ownCloud.
These attacks highlight the persistent threat posed by unpatched systems and the challenges organizations face...
Windows 11’s New Compression Formats Pose Security Risks with libarchive
Microsoft introduced a major update to Windows 11 (KB5031455), adding native support for 11 new compression formats, including RAR and 7z.
This update aimed to enhance user convenience by enabling file management directly within File...
Path Confusion in Nginx/Apache Leads to Critical Auth Bypass in PAN-OS
Palo Alto Networks has recently disclosed a critical vulnerability in its PAN-OS network security operating system, tracked as CVE-2025-0108, which allows attackers to bypass authentication on the management web interface.
This vulnerability, with a CVSSv3.1...
Amazon Machine Image Name Confusion Attack Let Attackers Publish Resource
Researchers uncovered a critical vulnerability in Amazon Web Services (AWS) involving Amazon Machine Images (AMIs).
Dubbed the "whoAMI" attack, this exploit leverages a name confusion attack, a subset of supply chain attacks, to gain unauthorized...
KASLR Exploited: Breaking macOS Apple Silicon Kernel Hardening Techniques
Security researchers from Korea University have unveiled a new vulnerability in macOS systems running on Apple Silicon processors.
Dubbed "SysBumps," this attack successfully circumvents Kernel Address Space Layout Randomization (KASLR), a critical security mechanism designed...
CrowdStrike Falcon Sensor for Linux TLS Vulnerability Enables MiTM Attack
CrowdStrike has disclosed a high-severity vulnerability in its Falcon Sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor.
The vulnerability, identified as CVE-2025-1146, originates from a validation logic error in the Transport...
Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely
Google has rolled out an urgent security update for Chrome, addressing four high-severity vulnerabilities that could allow attackers to execute malicious code or compromise user data.
The update, Chrome version 133.0.6943.98/.99 for Windows/Mac and 133.0.6943.98...