Follow Cyber Kendra on Google News! | WhatsApp | Telegram

Add as a preferred source on Google
Vulnerability
Technical Details of Actively Exploited Android Kernel Flaw Released

Technical Details of Actively Exploited Android Kernel Flaw Released

A critical Android kernel vulnerability that Google warned was being actively exploited has been thoroughly dissected by security researcher StreyPaw…
Critical Tableau Server Flaws Allow Attackers to Execute Malicious Code on Enterprise Systems

Critical Tableau Server Flaws Allow Attackers to Execute Malicious Code on Enterprise Systems

Salesforce has disclosed five critical security vulnerabilities in Tableau Server and Desktop that could allow attackers to execute arbitrary code an…
NetScaler Zero-Day Exploited for Two Months in Stealth Attacks

NetScaler Zero-Day Exploited for Two Months in Stealth Attacks

A sophisticated cyber threat actor exploited a critical Citrix NetScaler vulnerability for nearly two months before its discovery, successfully breac…
WinRAR Zero-Day Exploited to Deploy Backdoors via Fake Job Applications

WinRAR Zero-Day Exploited to Deploy Backdoors via Fake Job Applications

A previously unknown vulnerability in WinRAR has been actively exploited by Russian-aligned hackers to infiltrate corporate networks through sophisti…
New HTTP Desync Attacks Compromise Major CDNs and Government Systems

New HTTP Desync Attacks Compromise Major CDNs and Government Systems

Security researcher James Kettle has published groundbreaking research exposing fundamental vulnerabilities in HTTP/1.1 that led to critical security…
Critical Flaw Lets Attackers Hijack Train Brakes With $500 Radio Equipment

Critical Flaw Lets Attackers Hijack Train Brakes With $500 Radio Equipment

A critical security vulnerability in America's railway system allows attackers to remotely hijack train brake controls using inexpensive radio eq…
Critical Browser-Based Attack Chain Compromises Internal Networks Through Single Website Visit

Critical Browser-Based Attack Chain Compromises Internal Networks Through Single Website Visit

Security researchers have demonstrated a devastating new attack method that allows cybercriminals to execute remote code on internal corporate networ…
Critical Zero-Day Flaw in Fortinet FortiWeb Allows Complete System Takeover

Critical Zero-Day Flaw in Fortinet FortiWeb Allows Complete System Takeover

A severe pre-authentication SQL injection vulnerability in Fortinet's FortiWeb Fabric Connector has been discovered, allowing attackers to achiev…
'Enter, Exit, Leak': New CPU Side-Channel Attacks Break Isolation in Modern Processors

'Enter, Exit, Leak': New CPU Side-Channel Attacks Break Isolation in Modern Processors

Security researchers from Microsoft and ETH Zurich have uncovered four new speculative side-channel vulnerabilities in modern AMD and Intel processor…
Critical CitrixBleed 2 Zero-Day Enables Memory Theft, Bypasses Authentication

Critical CitrixBleed 2 Zero-Day Enables Memory Theft, Bypasses Authentication

A newly disclosed vulnerability in Citrix NetScaler appliances is allowing attackers to steal sensitive memory contents through a simple HTTP request…
Google Rushes to Fix Chrome's Fourth In-Wild Exploited Zero-Day - POC Released

Google Rushes to Fix Chrome's Fourth In-Wild Exploited Zero-Day - POC Released

Google has issued an emergency security update for Chrome to address a critical zero-day vulnerability that cybercriminals are actively exploiting in…
Critical Zero-Day Vulnerability Grants Root Access to Wing FTP Servers Worldwide

Critical Zero-Day Vulnerability Grants Root Access to Wing FTP Servers Worldwide

A critical null-byte injection vulnerability in Wing FTP Server has been discovered that allows attackers to gain complete root access to affected sy…
CitrixBleed 2 Vulnerability Now Under Active Attack Worldwide

CitrixBleed 2 Vulnerability Now Under Active Attack Worldwide

A critical new vulnerability dubbed " CitrixBleed 2 " is being actively exploited by cybercriminals, marking a dangerous return of sessio…
GerriScary - A Supply Chain Vulnerability Compromises 18 Google Projects

GerriScary - A Supply Chain Vulnerability Compromises 18 Google Projects

Security researchers at Tenable Cloud Research have disclosed a significant supply chain vulnerability dubbed " GerriScary " that exposed a…
Five Critical Security Vulnerabilities Disclosed in Widely-Used libxml2 Library

Five Critical Security Vulnerabilities Disclosed in Widely-Used libxml2 Library

The maintainers of libxml2, a fundamental XML parsing library used across countless software applications, have disclosed five serious security vulne…
Critical Flaw in ZendTo File Transfer App Exposes User Data Across Organizations

Critical Flaw in ZendTo File Transfer App Exposes User Data Across Organizations

Security researchers have uncovered a serious path traversal vulnerability in ZendTo , a widely used file-sharing platform trusted by universities, …
Researchers Expose Critical Secure Boot Vulnerabilities Affecting Millions of UEFI Systems

Researchers Expose Critical Secure Boot Vulnerabilities Affecting Millions of UEFI Systems

Security researchers have uncovered two significant vulnerabilities that can completely bypass Secure Boot protections on UEFI-compatible systems, po…
Critical Signature Verification Flaw Discovered in OpenPGP.js Library

Critical Signature Verification Flaw Discovered in OpenPGP.js Library

A critical vulnerability in the widely used OpenPGP.js library has been discovered that allows attackers to spoof message signatures, potentially com…
10-Year-Old Vulnerability Discovered in Roundcube Webmail Affects Millions of Hosts

10-Year-Old Vulnerability Discovered in Roundcube Webmail Affects Millions of Hosts

A critical security vulnerability that remained hidden for nearly a decade has been discovered in Roundcube Webmail, potentially affecting over 53 mi…
Critical RCE Flaw Discovered in D-Tale Data Visualization Tool

Critical RCE Flaw Discovered in D-Tale Data Visualization Tool

A critical security vulnerability has been discovered in D-Tale, a popular data visualization tool, allowing attackers to execute arbitrary system c…