Citrix has issued fixes for three security vulnerabilities in NetScaler ADC and NetScaler Gateway, one of which is currently being exploited. The vulnerabilities in question are listed below:
CVE-2025-7775 (CVSS score: 9.2): Memory overflow vulnerability leading to Remote Code Execution and/or Denial-of-Service
CVE-2025-7776 (CVSS score: 8.8): Memory overflow vulnerability leading …
CVE-2025-9074
Docker Fixes Critical Desktop flaw With CVSS Score 9.3
Docker has issued fixes for a critical security vulnerability in the Docker Desktop app for Windows and macOS that could enable an attacker to escape a container. The vulnerability CVE-2025-9074 has a CVSS score of 9.3 and is fixed in version 4.44.3. “A malicious container running on Docker Desktop could access …
“Gayfemboy” Malware Exploiting Cisco, TP-Link and Other Routers
A new malware campaign is targeting various network devices, including routers from DrayTek, TP-Link, Raisecom, and Cisco. In July 2025, researchers found a stealthy loader spreading by taking advantage of unauthenticated command injection flaws in embedded web services. Compromise starts with simple HTTP requests that deliver a specific downloader script …
South Asian APT to Compromise Phones of Military-linked Individuals In Bangladesh
A sophisticated South Asian APT group is conducting a widespread espionage campaign against military personnel and defense organizations in Sri Lanka, Bangladesh, Pakistan, and Turkey. Threat actors are using a multi-stage attack strategy that combines phishing with new Android malware to target the mobile devices of military-related individuals. The campaign …
Azure’s Default API Connection Vuln Enables Full Cross-Tenant Compromise
A critical vulnerability in Microsoft Azure’s API Connection allowed attackers to breach resources in various Azure tenants globally. Gulbrandsrud discovered the flaw that earned him a $40,000 bounty and a chance to present at Black Hat. This flaw exploited Azure’s shared API Management setup, allowing unauthorized access to Key Vaults, …
CVE-2018-0171
FBI alerts of Russian hackers exploiting old Cisco flaw
The Federal Bureau of Investigation (FBI) is warning the public, private sector, and international community of the threat posed to computer networks and critical infrastructure by cyber actors attributed to the Russian Federal Security Service’s (FSB) Center 16. The FBI detected Russian FSB cyber actors exploiting Simple Network Management Protocol …
CVE-2025-43300
Apple Issues Urgent Patch for Zero-Day Vuln Exploited in the Wild
Apple has issued urgent security updates to fix a zero-day vulnerability that is being actively exploited, warning that attackers may have used it in targeted campaigns. CVE-2025-43300 is a flaw in Apple’s Image I/O framework that allows out-of-bounds writing, affecting how applications manage common image file formats. According to Apple’s …
CVE-2025-54948
CISA Adds Actively Exploited Trend Micro Apex One Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included the critical Trend Micro Apex One vulnerability, CVE-2025-54948, in its Known Exploited Vulnerabilities (KEV) Catalog due to active exploitation. Trend Micro Apex One is a popular endpoint security platform that detects and responds to malware and other security threats. However, …
F5 Fixes HTTP/2 Vuln Enabling Massive DoS Attacks
F5 Networks has revealed a new HTTP/2 vulnerability impacting several BIG-IP products, which could enable remote attackers to conduct denial-of-service attacks on corporate networks. The security flaw named CVE-2025-54500, known as the “HTTP/2 MadeYouReset Attack,” was announced on August 13, 2025, with updates on August 15. The vulnerability exploits malformed …
Spotlight: Asia, Europe and USA
Crypto24 To Bypass EDR, Including Trend Micro’s Vision One platform
Researchers have identified a new Crypto24 ransomware campaign, which they describe as a “dangerous evolution” in cybersecurity threats. According to Trend Micro researchers, recent attacks by Crypto24 actors display a combination of advanced evasion techniques and custom tools that can disable EDR solutions — including Trend Micro’s own Vision One …
InfoSecBulletin Cybersecurity for mankind