In recent time, Hacker exploited Windows, VMware and Linux flaw. On another side, Australia warn about of BadCandy infections on unpatched Cisco devices. VMware:Â CISA added a serious security flaw affecting Broadcom VMware Tools and VMware Aria Operations to its Known Exploited Vulnerabilities list after reports of ongoing exploitation. The …
Read More »92% of Exchange servers in Germany unprotected
92% of Microsoft Exchange servers in Germany are outdated and won’t get any more security updates, as warned by the German Federal Office for Information Security (BSI). The BSI in Germany reports about 33,000 on-premise Exchange servers with publicly accessible Outlook Web Access. About 30,360 servers are running Exchange 2019 …
Read More »DomeWatch leak exposed Capitol Hill applicants’ personal data
Thousands of Americans’ personal job-seeking details were publicly exposed because of an unsecured database linked to the House Democrats’ Official Online Resume Bank, DomeWatch.us. The security lapse was brought to light by the research firm Safety Detectives, after an anonymous cybersecurity researcher reported to them about an “unencrypted and non-password-protected …
Read More »New CoPhish attack steals OAuth tokens Exploitng Copilot Studio agents
A phishing technique named CoPhish misuses Microsoft Copilot Studio to deceive users into giving hackers access to their Microsoft Entra ID accounts. Datadog Security Labs identified a method that uses customizable AI agents on legitimate Microsoft domains to disguise OAuth consent attacks, making them seem trustworthy and avoiding user suspicion. …
Read More »Hackers exploited Samsung Galaxy S25 0-day vuln allowing camera access and location tracking
At Pwn2Own Ireland 2025, researchers Ben R. and Georgi G. from Interrupt Labs demonstrated their success in exploiting a zero-day vulnerability in the Samsung Galaxy S25. They gained complete control of the device, allowing them to activate the camera and track the user’s location. The exploit, revealed on the event’s final …
Read More »Oracle released 374 new security patches in its October 2025 Tuesday patch
Oracle’s October 2025 Critical Patch Update fixes 374 vulnerabilities in multiple products, making it one of the largest patches recently, covering databases, middleware, enterprise applications, and communication systems. As always, Oracle recommends that customers apply patches without delay, as many of the fixed vulnerabilities can be exploited remotely, even without …
Read More »Hackers Exploited 34 Zero-Day Vulns In Pwn2Own Ireland 2025
During the first day of the Pwn2Own Ireland 2025 hacking contest by Trend Micro’s Zero Day Initiative, participants earned $522,500 for their exploits. 34 new vulnerabilities have been used to hack printers, NAS devices, routers, and smart home products. The top prize of $100,000 was given in the ‘SOHO Smashup’ …
Read More »
(CVE-2025-6542, CVSS 9.3)
User Alert: TP-Link warns of critical command injection flaw in Omada gateways
TP-Link Systems has released a firmware update that fixes four serious vulnerabilities in its Omada gateway series, like ER605, ER7206, and ER8411, commonly used in businesses. These flaws—CVE-2025-6541, CVE-2025-6542, CVE-2025-7850, and CVE-2025-7851—can let attackers run arbitrary commands on the devices, sometimes without needing authentication. According to TP-Link’s advisory, “An arbitrary …
Read More »CISA Adds Oracle, Apple and Microsoft Vulns to KEV Catalog
CISA has added five new CVEs to its Known Exploited Vulnerabilities catalog, including issues from Microsoft, Apple, and Oracle. The vulnerabilities flagged by CISA include: CVE-2022-48503 is a critical vulnerability (8.8 severity) in several Apple products that allows for arbitrary code execution via web content. Apple fixed it with better …
Read More »71,000+ WatchGuard security devices vulnerable to critical RCE
About 76,000 WatchGuard Firebox security devices are publicly exposed and vulnerable to a serious issue (CVE-2025-9242) that could let remote attackers execute code without authentication. Firebox devices serve as a central hub to manage traffic between internal and external networks, offering protection with policy management, security services, VPN, and real-time …
Read More »
InfoSecBulletin Cybersecurity for mankind