Follow Cyber Kendra on Google News! | WhatsApp | Telegram

Add as a preferred source on Google
Vulnerability
Android "Pixnapping" Flaw Lets Malicious Apps Steal 2FA Codes in Under 30 Seconds

Android "Pixnapping" Flaw Lets Malicious Apps Steal 2FA Codes in Under 30 Seconds

A sophisticated new attack vector targeting Android devices can covertly steal two-factor authentication codes, private messages, and location data—a…
Critical Telerik UI Flaw Puts Millions of Enterprise Applications at Risk

Critical Telerik UI Flaw Puts Millions of Enterprise Applications at Risk

A newly disclosed vulnerability in Progress Telerik UI for ASP.NET AJAX could enable attackers to crash or potentially execute malicious code on mill…
13-Year-Old Bug in Redis Puts 330,000 Instances at Risk

13-Year-Old Bug in Redis Puts 330,000 Instances at Risk

A critical remote code execution vulnerability lurking in Redis for over a decade has been discovered by cybersecurity researchers, potentially expos…
The Top 7 Vulnerabilities Exposed During dApp Audits

The Top 7 Vulnerabilities Exposed During dApp Audits

As decentralized applications (dApps) scale, the web layer increasingly becomes a primary path for abuse. A single front-end flaw can steer users to …
Critical Spring Gateway Flaw Enables Remote Code Execution

Critical Spring Gateway Flaw Enables Remote Code Execution

A critical vulnerability (CVE-2025-41243) in Spring Cloud Gateway Server WebFlux enables attackers to execute arbitrary code on affected systems by m…
Technical Details of Actively Exploited Android Kernel Flaw Released

Technical Details of Actively Exploited Android Kernel Flaw Released

A critical Android kernel vulnerability that Google warned was being actively exploited has been thoroughly dissected by security researcher StreyPaw…
Critical Tableau Server Flaws Allow Attackers to Execute Malicious Code on Enterprise Systems

Critical Tableau Server Flaws Allow Attackers to Execute Malicious Code on Enterprise Systems

Salesforce has disclosed five critical security vulnerabilities in Tableau Server and Desktop that could allow attackers to execute arbitrary code an…
NetScaler Zero-Day Exploited for Two Months in Stealth Attacks

NetScaler Zero-Day Exploited for Two Months in Stealth Attacks

A sophisticated cyber threat actor exploited a critical Citrix NetScaler vulnerability for nearly two months before its discovery, successfully breac…
WinRAR Zero-Day Exploited to Deploy Backdoors via Fake Job Applications

WinRAR Zero-Day Exploited to Deploy Backdoors via Fake Job Applications

A previously unknown vulnerability in WinRAR has been actively exploited by Russian-aligned hackers to infiltrate corporate networks through sophisti…
New HTTP Desync Attacks Compromise Major CDNs and Government Systems

New HTTP Desync Attacks Compromise Major CDNs and Government Systems

Security researcher James Kettle has published groundbreaking research exposing fundamental vulnerabilities in HTTP/1.1 that led to critical security…
Critical Flaw Lets Attackers Hijack Train Brakes With $500 Radio Equipment

Critical Flaw Lets Attackers Hijack Train Brakes With $500 Radio Equipment

A critical security vulnerability in America's railway system allows attackers to remotely hijack train brake controls using inexpensive radio eq…
Critical Browser-Based Attack Chain Compromises Internal Networks Through Single Website Visit

Critical Browser-Based Attack Chain Compromises Internal Networks Through Single Website Visit

Security researchers have demonstrated a devastating new attack method that allows cybercriminals to execute remote code on internal corporate networ…
Critical Zero-Day Flaw in Fortinet FortiWeb Allows Complete System Takeover

Critical Zero-Day Flaw in Fortinet FortiWeb Allows Complete System Takeover

A severe pre-authentication SQL injection vulnerability in Fortinet's FortiWeb Fabric Connector has been discovered, allowing attackers to achiev…
'Enter, Exit, Leak': New CPU Side-Channel Attacks Break Isolation in Modern Processors

'Enter, Exit, Leak': New CPU Side-Channel Attacks Break Isolation in Modern Processors

Security researchers from Microsoft and ETH Zurich have uncovered four new speculative side-channel vulnerabilities in modern AMD and Intel processor…
Critical CitrixBleed 2 Zero-Day Enables Memory Theft, Bypasses Authentication

Critical CitrixBleed 2 Zero-Day Enables Memory Theft, Bypasses Authentication

A newly disclosed vulnerability in Citrix NetScaler appliances is allowing attackers to steal sensitive memory contents through a simple HTTP request…
Google Rushes to Fix Chrome's Fourth In-Wild Exploited Zero-Day - POC Released

Google Rushes to Fix Chrome's Fourth In-Wild Exploited Zero-Day - POC Released

Google has issued an emergency security update for Chrome to address a critical zero-day vulnerability that cybercriminals are actively exploiting in…
Critical Zero-Day Vulnerability Grants Root Access to Wing FTP Servers Worldwide

Critical Zero-Day Vulnerability Grants Root Access to Wing FTP Servers Worldwide

A critical null-byte injection vulnerability in Wing FTP Server has been discovered that allows attackers to gain complete root access to affected sy…
CitrixBleed 2 Vulnerability Now Under Active Attack Worldwide

CitrixBleed 2 Vulnerability Now Under Active Attack Worldwide

A critical new vulnerability dubbed " CitrixBleed 2 " is being actively exploited by cybercriminals, marking a dangerous return of sessio…
GerriScary - A Supply Chain Vulnerability Compromises 18 Google Projects

GerriScary - A Supply Chain Vulnerability Compromises 18 Google Projects

Security researchers at Tenable Cloud Research have disclosed a significant supply chain vulnerability dubbed " GerriScary " that exposed a…
Five Critical Security Vulnerabilities Disclosed in Widely-Used libxml2 Library

Five Critical Security Vulnerabilities Disclosed in Widely-Used libxml2 Library

The maintainers of libxml2, a fundamental XML parsing library used across countless software applications, have disclosed five serious security vulne…