bug
-
Blog
Cisco Webex bug lets hackers gain code execution via meeting links
Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links. Tracked as CVE-2025-20236, this security flaw was found in the Webex custom URL parser and can be exploited by tricking users into downloading arbitrary files, which lets threat actors execute arbitrary commands on systems running…
Read More » -
Blog
OpenAI announces five-fold increase in bug bounty reward
OpenAI has announced a slew of new cybersecurity initiatives, including a 500% increase to the maximum award for its bug bounty program. In a blog post confirming the move, the organization set out plans to expand its cybersecurity grant program. So far, the tech giant has given funding to 28 research projects looking at both offensive and defensive security measures,…
Read More » -
Blog
Exchange Online bug mistakenly quarantines user emails
Microsoft is investigating an Exchange Online bug causing anti-spam systems to mistakenly quarantine some users’ emails. According to a new incident report added to the Microsoft 365 Admin Center, the email issues started almost five hours ago, at 10:11 UTC. While the company has yet to share what regions are impacted, this Exchange Online incident has been tagged as a critical service issue tracked under EX1038119 on the…
Read More » -
Blog
Veeam RCE bug lets domain users hack backup servers, patch now
Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. The flaw was disclosed yesterday and affects Veeam Backup & Replication version 12.3.0.310 and all earlier version 12 builds. The company fixed it in version 12.3.1 (build 12.3.1.1139), which was released yesterday. According to a technical writeup by watchTowr Labs, who…
Read More » -
Blog
Is Microsoft’s Update a Feature or a Bug?
Microsoft’s March security update became the latest and perhaps most shocking mistake in a string of installation bugs plaguing users of the company’s Windows 10 and Windows 11 operating systems. Despite promoting 2025 as “the year of the PC refresh” and heavily marketing its Copilot+ PCs as “the fastest, most intelligent and most secure Windows PCs ever built,” Microsoft’s latest…
Read More » -
Blog
Juniper patches bug that let Chinese cyberspies backdoor routers
Juniper Networks has released emergency security updates to patch a Junos OS vulnerability exploited by Chinese hackers to backdoor routers for stealthy access. This medium severity flaw (CVE-2025-21590) was reported by Amazon security engineer Matteo Memelli and is caused by an improper isolation or compartmentalization weakness. Successful exploitation lets local attackers with high privileges execute arbitrary code on vulnerable routers to compromise…
Read More » -
Blog
Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks
Microsoft had discovered five Paragon Partition Manager BioNTdrv.sys driver flaws, with one used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows. The vulnerable drivers were exploited in ‘Bring Your Own Vulnerable Driver’ (BYOVD) attacks where threat actors drop the kernel driver on a targeted system to elevate privileges. “An attacker with local access to a device can exploit these vulnerabilities…
Read More » -
Blog
Microsoft fixes Power Pages zero-day bug exploited in attacks
Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks. The flaw, tracked as CVE-2025-24989, is an improper access control problem impacting Power Pages, allowing unauthorized actors to elevate their privileges over a network and bypass user registration controls. Microsoft says it has addressed the risk at…
Read More » -
Blog
Microsoft is increasing payouts for its Copilot bug bounty program
Microsoft has announced an expansion of its Copilot bug bounty program, boosting payouts and adding coverage of WhatsApp and Telegram tools. The move comes after a set of flaws spotted by researchers in August would have allowed hackers to “confuse” Copilot into leaking confidential data, while a separate flaw spotted by Tenable could have allowed attackers to meddle with Copilot…
Read More » -
Blog
Microsoft fixes bug causing Windows Server 2025 boot errors
Microsoft has fixed a known issue causing “boot device inaccessible” errors during startup on some Windows Server 2025 systems using iSCSI. “This is observed on servers operating under NDIS Poll Mode booting from an iSCSI LUN,” the company explained when it acknowledged the bug in late October. “Under such configuration, the server will experience the error during startup, after the installation…
Read More »