Saturday, June 20, 2026

Alert

Patch Now! SonicWall Confirms Active Exploitation of SMA 100 Vulns


On April 29, 2025, SonicWall announced that two previously disclosed vulnerabilities in its SMA 100 Series appliances are being actively exploited. They urge customers to update to the latest secure firmware to avoid compromise. First identified in December 2023, CVE-2023-44221 has now been confirmed as under active exploitation. The vulnerability—assigned …


Researcher Found Multiple Vulnerabilities In Apple’s AirPlay Protocol


Security vulnerabilities in Apple’s AirPlay Protocol and SDK put both third-party and Apple devices at risk of various attacks, including remote code execution. Oligo Security researchers found flaws that can be exploited in zero-click and one-click remote code execution (RCE) attacks, man-in-the-middle (MITM) attacks, denial of service (DoS) attacks, and …


CISA Adds Actively Exploited Broadcom Flaws to KEV Database


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two high-severity security flaws affecting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) catalog on Monday due to evidence of active exploitation. The vulnerabilities in question are listed below: CVE-2025-1976 (CVSS score: 8.6): A code …


CISA Releases Seven ICS Advisories


On April 24, 2025, CISA published seven advisories addressing security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS): ICSA-25-114-01 Schneider Electric Modicon Controllers; ICSA-25-114-02 ALBEDO Telecom Net.Time – PTP/NTP Clock; ICSA-25-114-03 Vestel AC Charger; ICSA-25-114-04 Nice Linear eMerge E3; ICSA-25-114-05 Johnson Controls Software House iSTAR Configuration Utility (ICU) …


400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks


Shadowserver found 454 vulnerable SAP NetWeaver systems at risk from a critical zero-day exploit currently being used in attacks. CVE-2025-31324 is a vulnerability that lets unauthenticated attackers upload malicious files to affected systems, risking full system compromise. A severe flaw with a CVSS score of 10.0 affects the Metadata …


CVE-2025-43859: Request Smuggling Vulnerability in Python’s h11 HTTP Library


A critical vulnerability tracked as CVE-2025-43859 has been disclosed in h11, a minimalist, I/O-agnostic HTTP/1.1 protocol library written in Python. Rated CVSS 9.1, the flaw could enable request smuggling attacks in applications where h11 is paired with a misconfigured or buggy HTTP proxy. “A leniency in h11’s parsing of line …


NVIDIA Releases Security Update For GPU Driver Vulnerabilities

NVIDIA has released a software security update for its GPU Display Driver to fix multiple vulnerabilities affecting both the driver and NVIDIA vGPU Software on various operating systems. The security bulletin lists various identified Common Vulnerabilities and Exposures (CVEs). The NVIDIA GPU Driver for Linux has a vulnerability (CVE-2025-23244) that …


‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA


The SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn about real-time attacks using fake login pages and Telegram alerts. SlashNext security experts have found a new tool, “SessionShark,” used by cyber criminals to steal Microsoft Office 365 login information. It can bypass multi-factor authentication (MFA), …
