Vulnerability

Researchers Expose Critical Secure Boot Vulnerabilities Affecting Millions of UEFI Systems

Security researchers have uncovered two significant vulnerabilities that can completely bypass Secure Boot protections on UEFI-compatible systems, po…

Critical Signature Verification Flaw Discovered in OpenPGP.js Library

A critical vulnerability in the widely used OpenPGP.js library has been discovered that allows attackers to spoof message signatures, potentially com…

10-Year-Old Vulnerability Discovered in Roundcube Webmail Affects Millions of Hosts

A critical security vulnerability that remained hidden for nearly a decade has been discovered in Roundcube Webmail, potentially affecting over 53 mi…

Critical RCE Flaw Discovered in D-Tale Data Visualization Tool

A critical security vulnerability has been discovered in D-Tale, a popular data visualization tool, allowing attackers to execute arbitrary system c…

Ivanti EPMM Under Attack: Critical RCE Flaws Actively Exploited

Security researchers at watchTowr have published their analysis of two critical vulnerabilities in Ivanti's Endpoint Manager Mobile (EPMM) soluti…

Critical Pre-Auth RCE Vulnerabilities Found in SysAid On-Premise ITSM Solution

Cybersecurity research firm watchTowr has disclosed multiple critical vulnerabilities in SysAid's on-premises IT Service Management (ITSM) soluti…

Critical Vulnerabilities Actively Exploited in SonicWall SMA Appliances

Security researchers at watchTowr have published an analysis of two vulnerabilities currently being exploited in the wild against SonicWall's Sec…

Apache Tomcat Releases Security Updates for DoS and Bypass Vulnerabilities

The Apache Software Foundation has released important security updates addressing two vulnerabilities in Apache Tomcat, the popular open-source web s…

Critical RCE Vulnerability in Commvault Backup Software

Security researchers at watchTowr have disclosed a critical remote code execution (RCE) vulnerability in Commvault's backup and recovery software…

Critical Ivanti Connect Secure Vulnerability Under Active Exploitation by Chinese Hackers

A critical security vulnerability in Ivanti Connect Secure VPN appliances (CVE-2025-22457) is being actively exploited by suspected Chinese state-…

Critical Authentication Bypass Vulnerability Discovered in CrushFTP

A severe authentication bypass vulnerability has been identified in CrushFTP, a popular multi-protocol file transfer server used by many organization…

IngressNightmare - Critical RCE Vulnerabilities Expose Kubernetes Clusters

Cybersecurity researchers at Wiz (recently acquired by Google) have uncovered multiple severe vulnerabilities in the Ingress NGINX Controller for K…

Auth Bypass Vulnerability Disclosed in Next.js Middleware

A critical security vulnerability has been identified in Next.js, the popular React framework, which could allow attackers to bypass authorization ch…

Critical Windows Vulnerability Leaks NTLM Hashes Without User Interaction

Security researchers have discovered and documented a critical Windows vulnerability (CVE-2025-24071) that enables attackers to steal authentication …

How Outdated Apps Are Compromising Your Android Security

In today's hyper-connected mobile landscape, Android users face an increasingly sophisticated array of security threats that evolve faster than m…

Critical Vulnerability in Sitecore Experience Platform Discovered

Security researchers at Assetnote, recently acquired by Searchlight Cyber, have uncovered a pre-authentication remote code execution vulnerability in…

Google Release Details of AMD Microcode Vulnerability

Last month, Google security researchers disclosed a high-severity vulnerability in AMD's CPU microcode signature verification system, affecting …

Three VMware Vulnerabilities Actively Exploited in the Wild

Broadcom has released urgent security patches to address three actively exploited vulnerabilities in VMware ESXi, Workstation, and Fusion products. T…

Critical WordPress Plugin Vulnerability Affects 2 Million Sites

A critical reflected cross-site scripting (XSS) vulnerability has been discovered in the Essential Addons for Elementor plugin, potentially affecting…

Critical RCE Vulnerability Discovered in MITRE Caldera Framework

Security researchers have identified a critical remote code execution vulnerability in MITRE Caldera, a widely used adversary emulation platform. The…