Saturday, June 20 2026

Alert

Urgently patch now: Zoom Patches 6 Flaws

Zoom released a security update addressing six newly discovered vulnerabilities in its Workplace, Rooms, and SDK products for Windows, macOS, Linux, iOS, and Android. These issues could result in denial of service, information leaks, cross-site scripting, and integrity breaches.

CVE-2025-46788 (CVSS 7.4): Improper Certificate Validation in Zoom for Linux
CVE-2025-49464 …

Splunk Addresses Third-Party Package Vulns in SOAR Versions

Splunk has issued critical security updates for SOAR versions 6.4.0 and 6.4 to fix several vulnerabilities in third-party packages. The comprehensive security update published on July 7, 2025, fixes several Common Vulnerabilities and Exposures (CVEs) with severity levels from medium to critical. Critical vulnerabilities impact core components like git, Django, …

CVE-2025-25257
Fortinet Addresses Major SQL Injection Flaw in FortiWeb

Fortinet has issued a critical patch for a critical vulnerability in its FortiWeb product, a web application firewall commonly used in enterprises. Identified as CVE-2025-25257, this high-severity issue is an unauthenticated SQL injection flaw that lets remote attackers run unauthorized SQL commands through specially crafted HTTP or HTTPS requests. “An …

Microsoft July 2025 Patch Tuesday: One zero-day, 137 flaws

Microsoft’s Patch Tuesday in July 2025 is critical, featuring updates for 137 vulnerabilities, including a zero-day in Microsoft SQL Server. The extensive nature of these updates brings relief to defenders and anxiety to users needing to secure their operations. This analysis emphasizes key points, the associated risks, and the implications …

Android malware Anatsa infiltrates Google Play targeting banks worldwide

ThreatFabric researchers have discovered a new sophisticated campaign by the Anatsa banking trojan targeting mobile banking users in the U.S. and Canada. This is the malware’s third major attack on North American financial institutions. The latest campaign marks a serious increase in threats, as cybercriminals have breached the official Google …

CISA Adds Four Critical Actively Exploited Vulns to KEV

CISA added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog on Monday due to evidence of active exploitation. The list of flaws is as follows:

CVE-2014-3931 (CVSS score: 9.8): A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an arbitrary memory …

Change Your Password Now
Billions Of Gmail And Outlook Users At Risk

eSentire Threat Response Unit confirms that email accounts are heavily targeted. The report states that identity-driven threats rose 156% from 2023 to 2025, now making up 59% of threat cases in Q1 2025. This increase is fueled by Cybercrime-as-a-Service, particularly Phishing-as-a-Service, which attackers can access for as little as $200 …

Scattered Spider Actively Attacking Aviation and Transportation: FBI

Cybersecurity experts and federal authorities are warning that the Scattered Spider hackers are now targeting aviation and transportation, indicating a significant increase in their activities. The FBI has announced that the cybercriminal group UNC3944 is now targeting the airline industry using advanced social engineering to attack major carriers. This alert …

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Root Access

Cisco has issued updates to fix two critical security vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow unauthorized users to run commands as the root user. The vulnerabilities CVE-2025-20281 and CVE-2025-20282 both have a CVSS score of 10.0. CVE-2025-20281: An unauthenticated remote code execution …
