Vulnerability News

The cybersecurity landscape witnessed unprecedented vulnerabilities during 2024, with a record-breaking 40,009 Common Vulnerabilities and Exposures (CVEs) published. This marks a staggering 38% increase from the 28,818 CVEs reported in 2023, highlighting the rapidly evolving...

Zoom, the popular video conferencing platform, has addressed several vulnerabilities across its suite of applications, ranging from privilege escalation to denial-of-service risks. These vulnerabilities, identified with distinct CVE IDs, highlight the importance of timely...

Security researchers from Korea University have unveiled a new vulnerability in macOS systems running on Apple Silicon processors.  Dubbed "SysBumps," this attack successfully circumvents Kernel Address Space Layout Randomization (KASLR), a critical security mechanism designed...

AI transformation starts with security. This theme echoed throughout Microsoft Ignite 2024, with security discussions drawing large crowds and securing top spots in the conference's most-attended sessions. Hundreds of security and IT professionals gathered early...

Critical Windows Task Scheduler involving schtasks.exe binary, which could enable malicious actors to execute commands with SYSTEM-level privileges, bypassing User Account Control (UAC) prompts and erasing audit logs. These flaws significantly elevate the threat landscape...

NVIDIA has issued urgent security advisories addressing multiple vulnerabilities in its Hopper HGX 8-GPU High-Performance Computing (HMC) platforms, including a high-severity flaw (CVE-2024-0114, CVSS 8.1) that permits unauthorized code execution, privilege escalation, and systemic...

NVIDIA has issued a significant software update for its Riva speech AI platform, releasing version 2.19.0 to resolve two high-severity vulnerabilities (CVE-2025-23242 and CVE-2025-23243) involving improper access control mechanisms.  The update, detailed in a March...

A critical security vulnerability in the Essential Addons for Elementor plugin (CVE-2025-24752) has put over two million WordPress websites at risk of cross-site scripting (XSS) attacks.  The vulnerability discovered in the plugin’s handling of user...

Ivanti has issued critical updates for its Cloud Services Application (CSA) to address two significant vulnerabilities, one of which could allow attackers to execute arbitrary code remotely. The vulnerabilities, identified as CVE-2024-47908 and CVE-2024-11771, affect...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to federal agencies regarding active exploitation of a critical Microsoft Outlook vulnerability, tracked as CVE-2024-21413. This remote code execution (RCE) flaw,...