Windows BitLocker Bypass Vulnerability Let Attackers Bypass Security Feature
A critical security vulnerability in Windows BitLocker enables attackers to bypass the encryption feature through a sophisticated time-of-check time-of-use (TOCTOU) race condition attack.
Designated as CVE-2025-48818, this vulnerability affects multiple Windows versions and carries an...
Citrix Windows Virtual Delivery Agent Vulnerability Let Attackers Gain SYSTEM Privileges
A critical security vulnerability has been discovered in Citrix Windows Virtual Delivery Agent that allows local attackers to escalate privileges and gain SYSTEM-level access to affected systems.
The vulnerability, tracked as CVE-2025-6759, affects multiple versions...
FortiWeb SQL Injection Vulnerability Allows Attacker to Execute Malicious SQL Code
A critical security vulnerability has been discovered in FortiWeb web application firewalls that enables unauthenticated attackers to execute unauthorized SQL commands through specially crafted HTTP and HTTPS requests.
This vulnerability, classified as CWE-89 (Improper Neutralization...
Microsoft SQL Server 0-Day Vulnerability Exposes Sensitive Data Over Network
A critical information disclosure vulnerability in Microsoft SQL Server, designated as CVE-2025-49719, allows unauthorized attackers to access sensitive data over network connections.
This vulnerability stems from improper input validation within SQL Server's processing mechanisms, enabling...
Microsoft Remote Desktop Client Vulnerability Let Attackers Execute Remote Code
A critical security vulnerability in Microsoft Remote Desktop Client could allow attackers to execute arbitrary code on victim systems.
The vulnerability, designated as CVE-2025-48817, affects multiple versions of Windows and poses significant security risks for...
Nippon Steel Solutions 0-Day Network Vulnerability Exposes Users Personal Information
Nippon Steel Solutions has disclosed a significant data breach affecting customer, partner, and employee personal information following a zero-day cyber attack that exploited a previously unknown software vulnerability in their network infrastructure.
The incident,...
DNN Vulnerability Let Attackers Steal NTLM Credentials via Unicode Normalization Bypass
A critical vulnerability in DNN (formerly DotNetNuke) that allows attackers to steal NTLM credentials through a sophisticated Unicode normalization bypass technique.
The vulnerability, tracked as CVE-2025-52488, affects one of the oldest open-source content management systems...
PoC Exploit Released for CitrixBleed2 Flaw – Attackers Can Exfiltrate 127 Bytes Per...
Security researchers have released proof-of-concept exploits for a critical vulnerability dubbed "CitrixBleed2" affecting Citrix NetScaler ADC and Gateway products.
The vulnerability, tracked as CVE-2025-5777, allows attackers to exfiltrate up to 127 bytes of sensitive data...
CISA Warns of PHPMailer Command Injection Vulnerability Exploited in Attacks
Key Takeaways1. CVE-2016-10033 in PHPMailer allows attackers to execute arbitrary code through command injection in the mail() function.2. The vulnerability is being exploited in live cyberattacks, risking system compromise and data breaches.3. Organizations must...
macOS SMBClient Vulnerability Allows Remote Code Execution and Kernel Crash
Multiple vulnerabilities in macOS SMBClient that could allow attackers to execute arbitrary code remotely and crash systems.
The vulnerabilities affecting the SMB filesystem client used for mounting remote file shares represent a significant security risk,...