flaw

  • Blog

    I’ve been waiting for this: Nvidia RTX 5080, 5070 Ti and 5070 SUPER could finally fix the biggest flaw — not enough VRAM

    One common complaint about Nvidia’s RTX 50-series GPUs amongst PC gamers has been the amount of video memory (VRAM) for what you pay. DLSS 4 and neural rendering help lighten the load, but demanding AAA titles can still push systems to their limits quickly. But it seems as if Team Green has a plan for this, as according to Kopite7kimi…

  • Blog

    Citrix Bleed 2 flaw now believed to be exploited in attacks

    A critical NetScaler ADC and Gateway vulnerability dubbed “Citrix Bleed 2” (CVE-2025-5777) is now likely being exploited in attacks, according to cybersecurity firm ReliaQuest, which is seeing an increase in suspicious sessions on Citrix devices. Citrix Bleed 2, named by cybersecurity researcher Kevin Beaumont due to its similarity to the original Citrix Bleed (CVE-2023-4966), is an out-of-bounds memory read vulnerability that allows unauthenticated…

  • Blog

    Canada says Salt Typhoon hacked telecom firm via Cisco flaw

    The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored ‘Salt Typhoon’ hacking group is also targeting Canadian telecommunication firms, breaching a telecom provider in February. During the February 2025 incident, Salt Typhoon exploited the CVE-2023-20198 flaw, a critical Cisco IOS XE vulnerability allowing remote, unauthenticated attackers to create arbitrary accounts and gain admin-level privileges. The flaw was first disclosed in…

  • Blog

    New Linux udisks flaw lets attackers get root on major Linux distros

    Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions. The first flaw (tracked as CVE-2025-6018) was found in the configuration of the Pluggable Authentication Modules (PAM) framework on openSUSE Leap 15 and SUSE Linux Enterprise 15, allowing local attackers to gain the privileges of the “allow_active” user. The…

  • Blog

    Discord flaw lets hackers reuse expired invites in malware campaign

    Hackers are hijacking expired or deleted Discord invite links to redirect users to malicious sites that deliver remote access trojans and information-stealing malware. The campaign relies on a flaw in the Discord invitation system to leverage multi-stage infections that evade multiple antivirus engines.

    “Reviving” expired Discord invites

    Discord invite links are URLs that allow someone to join a specific Discord server. They…

  • Blog

    New Secure Boot flaw lets attackers install bootkit malware, patch now

    Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware. The flaw affects nearly every system that trusts Microsoft’s “UEFI CA 2011” certificate, which is pretty much all hardware that supports Secure Boot. Binarly researcher Alex Matrosov discovered the CVE-2025-3052 flaw after finding…

  • Blog

    Over 84,000 Roundcube instances vulnerable to actively exploited flaw

    Over 84,000 Roundcube webmail installations are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) flaw with a public exploit. The flaw, which impacts Roundcube versions 1.1.0 through 1.6.10, spanning over a decade, was patched on June 1, 2025, following its discovery and reporting by security researcher Kirill Firsov. The bug stems from unsanitized $_GET['_from'] input, enabling PHP object deserialization…

  • Blog

    New Mirai botnet infects TBK DVR devices via command injection flaw

    A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. The flaw, tracked under CVE-2024-3721, is a command injection vulnerability disclosed by security researcher “netsecfish” in April 2024. The proof-of-concept (PoC) the researcher published at the time came in the form of a specially…

  • Blog

    Cisco patches critical flaw affecting Identity Services Engine

    Cisco has issued patches for three vulnerabilities affecting its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) services. The three flaws, tracked as CVE-2025-20286, CVE-2025-20130, and CVE-2025-20129, included a critical vulnerability with a rating of 9.9/10, which also had a public proof-of-concept exploit. Highest on the list of priorities for customers was CVE-2025-20286, which was detailed as a ‘static…

  • Blog

    Last week’s 7-hour outage caused by software flaw

    American cybersecurity company SentinelOne revealed over the weekend that a software flaw triggered a seven-hour-long outage on Thursday. This massive outage affected multiple customer-facing services in what SentinelOne described as a “global service disruption.” SentinelOne acknowledged the outage in a post published Thursday, reassuring customers that their systems were still protected. “Customer endpoints are still protected at this time, but…
