
PoC Exploit Released For Critical Microsoft Outlook (CVE-2025-21298) Zero-Click RCE Vulnerability

A new proof-of-concept (PoC) has been released for a Microsoft Outlook zero-click remote code execution (RCE) vulnerability in Windows Object Linking and Embedding (OLE), identified as CVE-2025-21298. The PoC demonstrates memory corruption, shedding light on the...

Subaru Car Vulnerability Lets Hackers Control Millions of Cars Remotely Using Starlink

A critical vulnerability in Subaru's STARLINK connected vehicle service was discovered late last year, exposing millions of vehicles and customer accounts across the United States, Canada, and Japan to potential cyberattacks. Subaru is known...

Critical Palo Alto Firewall Vulnerabilities Let Hackers Bypass Secure Boot & Exploit Firmware

A recent cybersecurity report has identified critical vulnerabilities in Palo Alto Networks firewall devices that could enable attackers to bypass Secure Boot protections, exploit firmware-level flaws, and obtain elevated privileges, allowing them to maintain...

SonicWall 0-day Vulnerability Exploited In Attacks Execute Arbitrary OS Commands 

A critical security vulnerability, tracked as CVE-2025-23006, has been identified in SonicWall's SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). This flaw, classified under CWE-502 (Deserialization of Untrusted Data), carries a severity score...

Chrome Buffer Overflow Vulnerabilities Allow Arbitrary Code Execution & Gain System Access

Google has urgently patched two high-severity heap buffer overflow vulnerabilities in its Chrome browser, CVE-2025-0999 and CVE-2025-1426, that could allow attackers to execute arbitrary code and seize control of affected systems. The vulnerabilities, fixed in...

OpenSSH Client & Server Vulnerabilities Enables MiTM & DoS Attacks

The Qualys Threat Research Unit (TRU) has uncovered two high-severity vulnerabilities in OpenSSH, the widely used suite for secure network communication. Tracked as CVE-2025-26465 and CVE-2025-26466, these flaws enable machine-in-the-middle (MitM) attacks against clients and...

Hackers Exploiting ThinkPHP & ownCloud Vulnerabilities at Large Scale

A recent surge in exploitation activity has been observed targeting two critical vulnerabilities, CVE-2022-47945 in ThinkPHP and CVE-2023-49103 in ownCloud. These attacks highlight the persistent threat posed by unpatched systems and the challenges organizations face...

Windows 11’s New Compression Formats Pose Security Risks with libarchive

Microsoft introduced a major update to Windows 11 (KB5031455), adding native support for 11 new compression formats, including RAR and 7z. This update aimed to enhance user convenience by enabling file management directly within File...

Path Confusion in Nginx/Apache Leads to Critical Auth Bypass in PAN-OS

Palo Alto Networks has recently disclosed a critical vulnerability in its PAN-OS network security operating system, tracked as CVE-2025-0108, which allows attackers to bypass authentication on the management web interface. This vulnerability, with a CVSSv3.1...

Amazon Machine Image Name Confusion Attack Let Attackers Publish Resource

Researchers uncovered a critical vulnerability in Amazon Web Services (AWS) involving Amazon Machine Images (AMIs). Dubbed the "whoAMI" attack, this exploit leverages a name confusion attack, a subset of supply chain attacks, to gain unauthorized...