Fortinet disclosed a significant security flaw in its FortiOS, CVE-2025-24477, which is classified under CWE-122, could enable an authenticated attacker to execute arbitrary code or commands through specially crafted requests.
Service-specific roles inadvertently granted far broader permissions and provide the equivalent of full read access across entire Azure subscriptions than their names and descriptions suggest.
The vulnerability has been patched in WinRAR 7.12 beta 1, released on June 10, 2025, and users are advised to upgrade to it ASAP.
Multiple critical security vulnerabilities CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, and CVE-2025-49125 affecting Apache Tomcat web servers impact millions of web applications running on Tomcat v9.0.x to 11.0.x series.
Microsoft acknowledged the issues following a wave of customer reports from April 18th regarding MFA errors when trying to sign up for Microsoft 365 services.
The high-severity flaw is being tracked as CVE-2025-5419 (CVSS score: 8.8), and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine.
BadSuccessor: A Windows Server 2025 Vulnerability That Is Trivial To Exploit
VMware rolled out urgent patches for flaws lead to data leakage, command execution and DOS attacks, with no temporary workarounds available.
Mozilla’s Firefox has issued an emergency fix for two security vulnerabilities used in real-life attacks.
Google has warned that Chrome is open to attack, and has rushed out a fix for a vulnerability that enables a hacker to steal login credentials and bypass multi-factor authentication.
Microsoft releases fixes for 72 vulnerabilities; Among these, CVE-2025-32705-a remote code execution (RCE) vulnerability in Outlook is highlighted.
The vulnerability, tracked as CVE-2025-22247, affects both Windows and Linux versions of VMware Tools 11.x.x and 12.x.x, with macOS unaffected.
Cloud Common Vulnerabilities and Exposures (CVE) transparency by both Microsoft and Google that hit the max Common Vulnerability Scoring System severity rating of 10.
Apache Tomcat vulnerability Identified as CVE-2025-31650 posing a significant security risk.
The vulnerability tracked as CVE-2025-29810, was patched as part of Microsoft’s Apr 2025 Patch Tuesday security update cycle.
Meta warned Windows users to update the WhatsApp messaging app to 2.2450.6.
The vulnerability affects PHP versions – Below 8.1.32, Below 8.2.28, Below 8.3.18, Below 8.4.5.
Veeam RCE bug lets domain users hack backup servers, patch now; critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication.
A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited.
Windows users had been exposed to 5 zero-day in Jan and Feb. Six Windows zero-days now.
