Follow Cyber Kendra on Google News! | WhatsApp | Telegram

Vulnerability
Apache Tomcat Releases Security Updates for DoS and Bypass Vulnerabilities

Apache Tomcat Releases Security Updates for DoS and Bypass Vulnerabilities

The Apache Software Foundation has released important security updates addressing two vulnerabilities in Apache Tomcat, the popular open-source web s…
Critical RCE Vulnerability in Commvault Backup Software

Critical RCE Vulnerability in Commvault Backup Software

Security researchers at watchTowr have disclosed a critical remote code execution (RCE) vulnerability in Commvault's backup and recovery software…
Critical Ivanti Connect Secure Vulnerability Under Active Exploitation by Chinese Hackers

Critical Ivanti Connect Secure Vulnerability Under Active Exploitation by Chinese Hackers

A critical security vulnerability in Ivanti Connect Secure VPN appliances ( CVE-2025-22457 ) is being actively exploited by suspected Chinese state-…
Critical Authentication Bypass Vulnerability Discovered in CrushFTP

Critical Authentication Bypass Vulnerability Discovered in CrushFTP

A severe authentication bypass vulnerability has been identified in CrushFTP, a popular multi-protocol file transfer server used by many organization…
IngressNightmare - Critical RCE Vulnerabilities Expose Kubernetes Clusters

IngressNightmare - Critical RCE Vulnerabilities Expose Kubernetes Clusters

Cybersecurity researchers at Wiz ( recently acquired by Google ) have uncovered multiple severe vulnerabilities in the Ingress NGINX Controller for K…
Auth Bypass Vulnerability Disclosed in Next.js Middleware

Auth Bypass Vulnerability Disclosed in Next.js Middleware

A critical security vulnerability has been identified in Next.js, the popular React framework, which could allow attackers to bypass authorization ch…
Critical Windows Vulnerability Leaks NTLM Hashes Without User Interaction

Critical Windows Vulnerability Leaks NTLM Hashes Without User Interaction

Security researchers have discovered and documented a critical Windows vulnerability (CVE-2025-24071) that enables attackers to steal authentication …
How Outdated Apps Are Compromising Your Android Security

How Outdated Apps Are Compromising Your Android Security

In today's hyper-connected mobile landscape, Android users face an increasingly sophisticated array of security threats that evolve faster than m…
Critical Vulnerability in Sitecore Experience Platform Discovered

Critical Vulnerability in Sitecore Experience Platform Discovered

Security researchers at Assetnote, recently acquired by Searchlight Cyber, have uncovered a pre-authentication remote code execution vulnerability in…
Google Release Details of AMD Microcode Vulnerability

Google Release Details of AMD Microcode Vulnerability

Last month, Google security researchers disclosed a high-severity vulnerability in AMD's CPU microcode signature verification system , affecting …
Three VMware Vulnerabilities Actively Exploited in the Wild

Three VMware Vulnerabilities Actively Exploited in the Wild

Broadcom has released urgent security patches to address three actively exploited vulnerabilities in VMware ESXi, Workstation, and Fusion products. T…
Critical WordPress Plugin Vulnerability Affects 2 Million Sites

Critical WordPress Plugin Vulnerability Affects 2 Million Sites

A critical reflected cross-site scripting (XSS) vulnerability has been discovered in the Essential Addons for Elementor plugin, potentially affecting…
Critical RCE Vulnerability Discovered in MITRE Caldera Framework

Critical RCE Vulnerability Discovered in MITRE Caldera Framework

Security researchers have identified a critical remote code execution vulnerability in MITRE Caldera, a widely used adversary emulation platform. The…
Vulnerabilities in Ivanti Endpoint Manager Allow Credential Relay Attacks

Vulnerabilities in Ivanti Endpoint Manager Allow Credential Relay Attacks

Security researchers have discovered four critical vulnerabilities in Ivanti Endpoint Manager (EPM) that could allow unauthenticated attackers to pot…
PostgreSQL Patched Critical SQL Injection Vulnerability

PostgreSQL Patched Critical SQL Injection Vulnerability

Security researchers at Rapid7 have uncovered a significant SQL injection vulnerability (CVE-2025-1094) affecting PostgreSQL's interactive termin…
Researchers Uncover Authentication Bypass Vulnerability in Palo Alto Networks' PAN-OS

Researchers Uncover Authentication Bypass Vulnerability in Palo Alto Networks' PAN-OS

Security researchers at Assetnote have discovered a critical authentication bypass vulnerability in Palo Alto Networks' PAN-OS management interfa…
Google Uncover Critical AMD CPU Vulnerability Affecting Confidential Computing

Google Uncover Critical AMD CPU Vulnerability Affecting Confidential Computing

Google's Security Team has disclosed a high-severity vulnerability in AMD's CPU microcode signature verification system, affecting multiple A…
Cisco Webex Connect Flaw Exposed Millions of Chat Histories

Cisco Webex Connect Flaw Exposed Millions of Chat Histories

A critical security vulnerability in Cisco Webex Connect allowed unauthorized access to millions of customer support chat histories of every organiza…
New Security Flaws in Apple Chips Could Expose Sensitive Browser Data

New Security Flaws in Apple Chips Could Expose Sensitive Browser Data

Security researchers from Georgia Tech and Ruhr University Bochum have uncovered two significant vulnerabilities in Apple's latest processors tha…
Coolify Hit by Three RCE Flaws with Maximum CVSS Score

Coolify Hit by Three RCE Flaws with Maximum CVSS Score

Security researchers have uncovered three critical vulnerabilities in Coolify, the open-source platform used for managing servers, applications, and …