Vulnerability News

A critical security vulnerability in the Essential Addons for Elementor plugin (CVE-2025-24752) has put over two million WordPress websites at risk of cross-site scripting (XSS) attacks.  The vulnerability discovered in the plugin’s handling of user...

Notorious ransomware group Brain Cipher has claimed to have breached Deloitte UK, allegedly exfiltrating over 1 terabyte of sensitive data from the professional services giant. Brain Cipher is a ransomware group that emerged in June...

A surge in "Pass-the-Cookie" (PTC) attacks is undermining multi-factor authentication (MFA), enabling cybercriminals to hijack session cookies and bypass security measures to access sensitive accounts. Recent advisories from the FBI and cybersecurity firms highlight...

Researchers uncovered a critical vulnerability in Amazon Web Services (AWS) involving Amazon Machine Images (AMIs).  Dubbed the "whoAMI" attack, this exploit leverages a name confusion attack, a subset of supply chain attacks, to gain unauthorized...

Google’s Project Zero and Mandiant cybersecurity teams have jointly published a proof-of-concept (PoC) exploit for a high-severity command injection vulnerability in Palo Alto Networks’ PAN-OS OpenConfig plugin. Tracked as CVE-2025-0110, the flaw allows authenticated administrators...

Multiple vulnerabilities in Palo Alto Networks' Expedition migration tool have been discovered, potentially exposing sensitive firewall credentials, including usernames, cleartext passwords, device configurations, and API keys. These vulnerabilities pose significant risks to organizations using...

A Proof-of-Concept (PoC) exploit has been publicly released for a high-severity vulnerability in the popular file archiver 7-Zip. Tracked as CVE-2025-0411, this flaw allows attackers to bypass the Windows "Mark-of-the-Web" (MotW) security mechanism, potentially...

Shadowserver observed that 41,500+ internet-exposed VMware ESXi hypervisors as of March 4, 2025, are vulnerable to CVE-2025-22224, a critical zero-day vulnerability actively exploited in attacks. Broadcom patched the vulnerability in an emergency update. It...

A critical security vulnerability in LibreOffice (CVE-2025-0514) has been patched after researchers discovered that manipulated documents could bypass safeguards and execute malicious files on Windows systems. The flaw, rated 7.2 on the CVSS v4.0 scale,...

A critical XSS vulnerability identified in IBM's QRadar SIEM (Security Information and Event Management) platform, tracked as CVE-2024-47107, allows authenticated users execute malicious Javascript code through the platform's web interface, prompting immediate concern among...