23 May 2025
BadSuccessor: A Windows Server 2025 Vulnerability That Is Trivial To Exploit
VMware rolled out urgent patches for flaws that lead to data leakage, command execution and DoS attacks, with no temporary workarounds available.
Mozilla’s Firefox has issued an emergency fix for two security vulnerabilities used in real-life attacks.
Google has warned that Chrome is open to attack, and has rushed out a fix for a vulnerability that enables a hacker to steal login credentials and bypass multi-factor authentication.
Microsoft releases fixes for 72 vulnerabilities; among these, CVE-2025-32705, a remote code execution (RCE) vulnerability in Outlook, is highlighted.
The vulnerability, tracked as CVE-2025-22247, affects both Windows and Linux versions of VMware Tools 11.x.x and 12.x.x, with macOS unaffected.
Cloud Common Vulnerabilities and Exposures (CVE) transparency by both Microsoft and Google that hit the max Common Vulnerability Scoring System severity rating of 10.
An Apache Tomcat vulnerability identified as CVE-2025-31650 poses a significant security risk.
The vulnerability, tracked as CVE-2025-29810, was patched as part of Microsoft’s Apr 2025 Patch Tuesday security update cycle.
Meta warned Windows users to update the WhatsApp messaging app to 2.2450.6.
The vulnerability affects PHP versions below 8.1.32, below 8.2.28, below 8.3.18 and below 8.4.5.
Veeam RCE bug lets domain users hack backup servers, patch now; critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication.
A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited.
Windows users had been exposed to 5 zero-days in Jan and Feb. Six Windows zero-days now.
FinalDraft has been using Outlook email drafts for command-and-control communication in attacks; discovered by Elastic Security Labs that rely on malware loader named PathLoader, the FinalDraft backdoor, and multiple post-exploitation
Brand new vulnerabilities in OpenSSH, CVE-2025-26465 and CVE-2025-26466, now have patches. The vulnerabilities allow miscreants to perform machine-in-the-middle attacks on the OpenSSH client and pre-authentication denial-of-service attacks.
A newly disclosed high-severity vulnerability in WinZip, tracked as CVE-2025-1240, enables remote attackers to execute arbitrary code on affected systems by exploiting malformed 7Z archive files.
Fortinet stated the new CVE-2025-24472 flaw added to FG-IR-24-535 is not a zero-day and was fixed in January. CVE-2024-55591 was exploited & a workaround provided.
CVE-2025-21298 is a high-severity vulnerability in OLE that enables remote code execution, with a CVSS score of 9.8.
A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users’ computers.