A data leak involving 8 million UK healthcare worker records, including IDs and financial information, was caused by a misconfigured database from the UK software firm Logezy, which specializes in employee data management. Cybersecurity researcher Jeremiah Fowler from vpnMentor discovered this issue. Fowler’s investigation found nearly 8 million unprotected records, …

GitHub has released security updates for GitHub Enterprise Server to fix several vulnerabilities, including a high-severity flaw that could allow code execution by attackers. Organizations are urged to apply these patches quickly to ensure system protection. High-Risk Code Execution Vulnerability: A vulnerability (CVE-2025-3509) in the pre-receive hook feature of GitHub …

Hackers can exploit a vulnerability in Asus routers to execute unauthorized functions. This serious issue, rated 9.2 out of 10, has prompted the company to advise users to update the firmware of Asus routers that use AiCloud. Asus AiCloud is a cloud storage and remote access service for ASUS routers, …

According to Shadowserver Foundation around 17,000 Fortinet devices worldwide have been compromised using a new technique called “symlink”. This number has increased from the initial 14,000 and is expected to rise as investigations continue. The attack takes advantage of known vulnerabilities in Fortinet’s FortiGate devices. After gaining access, the threat …

A critical security flaw has been found in the Erlang/Open Telecom Platform (OTP) SSH implementation, allowing an attacker to run code without authentication under specific conditions. The vulnerability CVE-2025-32433 has a maximum CVSS score of 10.0. “The vulnerability allows an attacker with network access to an Erlang/OTP SSH server to execute …

On Wednesday, CISA alerted about increased breach risks due to the earlier compromise of legacy Oracle Cloud servers, emphasizing the serious threat to enterprise networks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about the risks of using embedded or reused credentials.. The agency noted that while …

Cisco issued a security advisory about a serious vulnerability in its Webex App that allows unauthenticated remote code execution (RCE) via malicious meeting invite links. The flaw, known as CVE-2025-20236, has a CVSS score of 8.8 and affects several versions of the Cisco Webex desktop application. “A vulnerability in the …

On Wednesday, Apple released urgent operating system updates to address two security vulnerabilities that had already been exploited in highly sophisticated attacks targeting a few iOS users. The vulnerabilities CVE-2025-31200 and CVE-2025-31201 allow for code execution and bypass mitigation on Apple’s iOS, iPadOS, and macOS platforms. Apple acknowledged a report …

On April 15, 2025, Oracle released a Critical Patch Update for 378 flaws for its products. The patch update covers databases, middleware, cloud services, and communication applications essential for global financial institutions, telecom providers, and cloud-native platforms. Key Highlights: Oracle Communications Applications had 42 new security updates, including 35 vulnerabilities …

Check Point Research warns of the active exploitation of a new vulnerability, CVE-2025-24054, which lets hackers leak NTLMv2-SSP hashes using specially crafted .library-ms files. Microsoft patched this vulnerability on March 11, 2025. It affects all supported Windows versions and has been weaponized less than two weeks after its disclosure. The …