flaw
-
Blog
Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw
Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers. SAP NetWeaver is an application server and development platform that runs and connects SAP and non-SAP applications across different technologies. Last week, SAP disclosed an unauthenticated file upload vulnerability, tracked as CVE-2025-31324, in SAP NetWeaver Visual Composer,…
Read More » -
Blog
This newly discovered iOS flaw could completely brick your iPhone with a single line of code
An app developer and security researcher discovered an iOS vulnerability that could have allowed threat actors to remotely sabotage and brick the best iPhones using only a single line of code. Gilherme Rambo found a proof of concept flaw hidden in the internal messaging system; the vulnerability was related to Darwin notifications. A Darwin notification is a low-level interprocess communication…
Read More » -
Blog
Active! Mail RCE flaw exploited in attacks on Japanese orgs
An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan. Active! mail is a web-based email client developed initially by TransWARE and later acquired by Qualitia, both Japanese companies. While it’s not widely used worldwide like Gmail or Outlook, Active! is often used as a groupware component in Japanese-language environments of large…
Read More » -
Blog
Intune flaw pushed Windows 11 upgrades on blocked devices
Microsoft has blamed a “code issue” for Windows 11 being offered to devices that weren’t supposed to have it after a flaw in a device management tool. Reports suggest that Intune, Microsoft’s software for managing enterprise devices, had a “latent code issue” that upgraded devices despite policies that should have blocked that from happening. In a post for admins, Microsoft…
Read More » -
Blog
ASUS warns of critical auth bypass flaw in routers using AiCloud
ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. The vulnerability, tracked under CVE-2025-2492 and rated critical (CVSS v4 score: 9.2), is remotely exploitable via a specially crafted request and requires no authentication, making it particularly dangerous. “An improper authentication control vulnerability…
Read More » -
Blog
Windows NTLM hash leak flaw exploited in phishing attacks on governments
A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. The flaw tracked as CVE-2025-24054 was fixed in Microsoft’s March 2025 Patch Tuesday. Initially, it was not marked as actively exploited and was assessed as ‘less likely’ to be. However, Check Point researchers report having…
Read More » -
Blog
Critical FortiSwitch flaw lets hackers change admin passwords remotely
Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. The company says Daniel Rozeboom of the FortiSwitch web UI development team discovered the vulnerability (CVE-2024-48887) internally. Unauthenticated attackers can exploit this unverified FortiSwitch GUI password change security flaw (rated with a 9.8/10 severity score) in low-complexity attacks…
Read More » -
Blog
WinRAR flaw bypasses Windows Mark of the Web security alerts
A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine. The security issue is tracked as CVE-2025-31334 and affects all WinRAR versions except the most recent release, which is currently 7.11. Mark of the Web is a security function in Windows…
Read More » -
Blog
Verizon Call Filter API flaw could’ve exposed millions of Americans’ call records
A security flaw in Verizon’s Call Filter app could’ve allowed threat actors to access details of incoming calls for another user, a security researcher has found. Discovered by cybersecurity researcher Evan Connelly in February, the API flaw has since been patched by the telecoms giant. However, in a blog post detailing the vulnerability, Connelly warned exploitation of the flaw could…
Read More » -
Blog
Max severity RCE flaw discovered in widely used Apache Parquet
A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. The problem stems from the deserialization of untrusted data that could allow attackers with specially crafted Parquet files to gain control of target systems, exfiltrate or modify data, disrupt services, or introduce dangerous payloads such as ransomware. The…
Read More »