Cyber Kendra

A critical null-byte injection vulnerability in Wing FTP Server has been discovered that allows attackers to gain complete root access to affected sy…

A critical new vulnerability dubbed " CitrixBleed 2 " is being actively exploited by cybercriminals, marking a dangerous return of sessio…

Security researchers at Tenable Cloud Research have disclosed a significant supply chain vulnerability dubbed " GerriScary " that exposed a…

The maintainers of libxml2, a fundamental XML parsing library used across countless software applications, have disclosed five serious security vulne…

Security researchers have uncovered a serious path traversal vulnerability in ZendTo , a widely used file-sharing platform trusted by universities, …

Security researchers have uncovered two significant vulnerabilities that can completely bypass Secure Boot protections on UEFI-compatible systems, po…

A critical vulnerability in the widely used OpenPGP.js library has been discovered that allows attackers to spoof message signatures, potentially com…

A critical security vulnerability that remained hidden for nearly a decade has been discovered in Roundcube Webmail, potentially affecting over 53 mi…

A critical security vulnerability has been discovered in D-Tale, a popular data visualization tool, allowing attackers to execute arbitrary system c…

Security researchers at watchTowr have published their analysis of two critical vulnerabilities in Ivanti's Endpoint Manager Mobile (EPMM) soluti…

Cybersecurity research firm watchTowr has disclosed multiple critical vulnerabilities in SysAid's on-premises IT Service Management (ITSM) soluti…

Security researchers at watchTowr have published an analysis of two vulnerabilities currently being exploited in the wild against SonicWall's Sec…

The Apache Software Foundation has released important security updates addressing two vulnerabilities in Apache Tomcat, the popular open-source web s…

Security researchers at watchTowr have disclosed a critical remote code execution (RCE) vulnerability in Commvault's backup and recovery software…

A critical security vulnerability in Ivanti Connect Secure VPN appliances ( CVE-2025-22457 ) is being actively exploited by suspected Chinese state-…

A severe authentication bypass vulnerability has been identified in CrushFTP, a popular multi-protocol file transfer server used by many organization…

Cybersecurity researchers at Wiz ( recently acquired by Google ) have uncovered multiple severe vulnerabilities in the Ingress NGINX Controller for K…

A critical security vulnerability has been identified in Next.js, the popular React framework, which could allow attackers to bypass authorization ch…

Security researchers have discovered and documented a critical Windows vulnerability (CVE-2025-24071) that enables attackers to steal authentication …

In today's hyper-connected mobile landscape, Android users face an increasingly sophisticated array of security threats that evolve faster than m…