Alert

Cisco has issued updates to fix two critical security vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow unauthorized users to run commands as the root user. The vulnerabilities CVE-2025-20281 and CVE-2025-20282 both have a CVSS score of 10.0. CVE-2025-20281: An unauthenticated remote code execution …

Citrix has issued security updates for a critical vulnerability in NetScaler ADC that has been actively exploited. The vulnerability CVE-2025-6543 has a CVSS score of 9.2, indicating high severity. It’s a memory overflow issue that may cause control flow errors and denial-of-service. To exploit it, the appliance must be set …

Unidentified hackers are targeting exposed Microsoft Exchange servers to inject harmful code into login pages and steal credentials. Positive Technologies published an analysis last week revealing two types of JavaScript keylogger code on the Outlook login page. Those that save collected data to a local file accessible over the internet …

A hacking group reportedly linked to Russian government has been discovered using a new phishing method that bypasses two-factor authentication by taking advantage of Google’s “app-specific password” feature. Google’s Threat Intelligence Group reported that from April to early June, an operation pretended to be US State Department officials in emails, …

GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel’s IKE affecting UDP port 500. The attack centers around CVE-2023-28771, a high-severity remote code execution vulnerability (CVSS 9.8) affecting Zyxel Internet Key Exchange (IKE) packet decoders over UDP port 500. Exploitation attempts against CVE-2023-28771 were minimal throughout recent weeks. On …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in its Known Exploited Vulnerabilities (KEV) Catalog, highlighting confirmed cases of these flaws being exploited in real-world scenarios. The catalog now features a zero-click iOS vulnerability exploited by mercenary spyware, as well as a command injection …

Serious security vulnerabilities in Trend Micro Apex One could allow attackers to inject malicious code and elevate their privileges within the system. The company issued emergency patches on June 9, 2025, for five vulnerabilities (CVE-2025-49154 to CVE-2025-49158) rated medium to high on the CVSS 3.0 scale. CVE-2025-49154: Insecure Access Control …

Aim Labs discovered a zero-click AI vulnerability named “EchoLeak” in Microsoft 365 Copilot and reported several ways to exploit it to Microsoft’s MSRC team. The new attack method called “LLM Scope Violation” has been identified, which could also impact other RAG-based chatbots and AI agents. This finding marks a significant …

On Tuesday, Adobe released security updates for 254 vulnerabilities in its software, mainly affecting Experience Manager (AEM). There are 254 flaws, 225 of which are in AEM, affecting AEM Cloud Service and earlier versions up to 6.5.22. These have been addressed in AEM Cloud Service Release 2025.5 and version 6.5.23. …

A new report from Bitsight reveals that over 40,000 internet-connected security cameras around the world are exposed, broadcasting live footage without user consent or basic security. “Most times, all that an attacker needs to spy on homes or even large organizations is just a web browser and the right IP …