Vulnerability News

2024 marked a record-breaking year for cybersecurity challenges as threat actors ramped up their exploitation of vulnerabilities. According to the latest findings from VulnCheck, 768 Common Vulnerabilities and Exposures (CVEs) were publicly reported as exploited...

Arm, a leader in semiconductor technology, has disclosed a series of critical security vulnerabilities affecting its Mali GPU Kernel Drivers and firmware. These vulnerabilities, spanning across multiple GPU architectures, including Bifrost, Valhall, and the...

NVIDIA has released a critical software security update to address multiple vulnerabilities affecting its GPU Display Driver and Virtual GPU (vGPU) software. Among these is CVE‑2024‑0149, a vulnerability in the NVIDIA GPU Display Driver for...

BeyondTrust, a leading identity and access management firm, disclosed a critical security breach impacting 17 customers of its Remote Support SaaS platform. The breach was attributed to the exploitation of zero-day vulnerabilities and has since...

A sophisticated race condition vulnerability affecting Windows 11 (x64) kernel operations, highlighting ongoing concerns about kernel-level security in modern operating systems. These race conditions, which stem from the operating system's inability to synchronize shared resources...

A critical unauthenticated Remote Code Execution (RCE) vulnerability has been affecting DSL-3788 routers, allowing attackers to acquire complete control over the router remotely. The flaw has been detected in firmware versions v1.01R1B036_EU_EN and below. This...

James Forshaw of Google Project Zero has shed light on a significant security vulnerability in Windows related to accessing trapped COM objects through the IDispatch interface. This research highlights an intriguing bug class that...

Broadcom has addressed multiple vulnerabilities in its VMware Aria Operations for Logs and VMware Aria Operations products.  These vulnerabilities, identified as CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221, and CVE-2025-22222, pose significant risks, including unauthorized access to sensitive...

A new jailbreak vulnerability in OpenAI’s ChatGPT-4o, dubbed "Time Bandit," has been exploited to bypass the chatbot’s built-in safety functions. This vulnerability allows attackers to manipulate the chatbot into producing illicit or dangerous content, including...

A detailed walkthrough demonstrates how attackers can manipulate Azure Key Vault's access policies after compromising Entra ID (formerly Azure AD) credentials. According to Faran Siddiqui, a penetration tester report, a "Key Vault 06 -...