The Qualys Threat Research Unit (TRU) found two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities. CVE-2025-5054 affects Ubuntu’s core-dump handler, Apport, while CVE-2025-4598 targets systemd-coredump, the default core-dump handler on Red Hat Enterprise Linux 9 and 10, as well as Fedora. These vulnerabilities allow a …
Read More »
CVE-2023-39780
Botnet hacks thousands of ASUS routers
GreyNoise has discovered a campaign where attackers have gained unauthorized access to thousands of internet-exposed ASUS routers. This seems to be part of a covert effort to create a network of backdoor devices, possibly aiming to establish a botnet in the future. The tactics in this campaign—sneaky initial access, using …
Read More »251 Amazon-Hosted IPs Used in Exploit Scan for ColdFusion, Struts, and Elasticsearch
Cybersecurity researchers recently revealed a coordinated cloud-based scanning attack that targeted 75 different exposure points earlier this month. On May 8, 2025, GreyNoise observed activity from 251 malicious IP addresses located in Japan and hosted by Amazon. “These IPs triggered 75 distinct behaviors, including CVE exploits, misconfiguration probes, and recon …
Read More »Exploitable Vulns in Canon Printers Allow Gaining Admin Privileges
A passback vulnerability has been found in some Canon printers, including production and multifunction models. If an attacker gains administrative access, they could obtain sensitive authentication information, including SMTP and LDAP connections. Affected Products: imageRUNNER ADVANCE Series imageRUNNER Series imagePRESS V Series imagePRESS Series imageCLASS Series i-sensys Series Satera Series …
Read More »Palo Alto Networks Warns of XSS Flaw: PoC Released
Palo Alto Networks warns a reflected cross-site scripting (XSS) vulnerability, CVE-2025-0133, in the GlobalProtect gateway and portal features of its PAN-OS software. The flaw allows malicious JavaScript to run in the browsers of authenticated Captive Portal users when they click specific links. Organizations using the Clientless VPN feature face a …
Read More »Pwn2Own Berlin reveals 29 critical vulns in major tech firms
Pwn2Own Berlin 2025, a top cybersecurity contest, awarded $1,078,750 to researchers who discovered 29 zero-day vulnerabilities in various enterprise technologies. The event highlighted the increasing complexity of attack methods and the need for vendors to strengthen their defenses. Pwn2Own Berlin 2025, hosted by Trend Micro’s Zero Day Initiative (ZDI) over …
Read More »High-Severity Flaw Hits Atlassian Jira Data Center
A recently discovered vulnerability, CVE-2025-22157, threatens organizations using Atlassian’s Jira Core Data Center and Jira Service Management Data Center by enabling privilege escalation attacks, allowing attackers to gain elevated system privileges. This serious flaw has a CVSS score of 7.2, posing a significant risk to businesses using Atlassian’s project and …
Read More »Intel PC, laptop and server processors affected for 6 years: Report
A new class of vulnerabilities in Intel processors, called Branch Predictor Race Conditions (BPRC), enables attackers to extract sensitive data from the cache and RAM of other users on the same hardware. Recent research by computer scientists from the Computer Security Group (COMSEC) at the Department of Information Technology and …
Read More »SonicWall Patches 3 Flaws in SMA 100 Devices
SonicWall has released patches for three security flaws in SMA 100 Secure Mobile Access appliances that could allow remote code execution. The vulnerabilities are listed below: CVE-2025-32819 (CVSS score: 8.8) : A vulnerability in SMA100 lets an authenticated remote attacker with SSL-VPN user access bypass checks and delete any file, …
Read More »Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
Cisco has issued a security advisory for a critical vulnerability in its IOS XE Software for Wireless LAN Controllers (WLCs). This vulnerability, known as CVE-2025-20188, has a CVSS score of 10, indicating the highest security flaw. The advisory highlights a vulnerability in the Out-of-Band Access Point (AP) Image Download feature …
Read More »