Friday , July 10 2026

Vulnerabilities

Oracle released emergency patch for new E-Business Suite flaw

950

Oracle released an emergency security update over the weekend to fix a new vulnerability in E-Business Suite (EBS) that could allow remote access by unauthorized attackers. CVE-2025-61884 is an information disclosure vulnerability in the Runtime UI component, impacting EBS versions 12.2.3 to 12.2.14. It could enable unauthorized attackers to remotely …

Read More »

CVE-2023-28760
TP-Link Router Flaw Allows Root RCE via LAN, PoC Available

Rocco Calvi, a security researcher, discovered a serious flaw in the TP-Link AX1800 WiFi 6 Router (Archer AX21/AX20) that enables local network attackers to execute code remotely as the root user. CVE-2023-28760 is a high-severity vulnerability (CVSS 7.5) in the MiniDLNA service of the router’s media-sharing feature. As described in …

Read More »

CrowdStrike Releases Fixes for Two Falcon Sensor for Windows Vulns

Falcon Sensor

CrowdStrike has issued security updates for two vulnerabilities in its Falcon Sensor for Windows, CVE-2025-42701 and CVE-2025-42706. These flaws require local code execution and may let attackers delete files, which could affect system stability and security monitoring. Vulnerabilities found through CrowdStrike’s Bug Bounty program reflect their proactive security efforts. There’s …

Read More »

SonicWall Confirms Hackers Access All Cloud Firewall Backups

cloud backup

After its investigation in collaboration with leading IR Firm, Mandiant into the scope of a recent cloud backup security incident, SonicWall confirm that an unauthorized party accessed firewall configuration backup files for all customers who have used SonicWall’s cloud backup service. The files contain encrypted credentials and configuration data; while …

Read More »

IBM fixed multiple vulns in its products, including critical one

IBM has issued fixes for three security vulnerabilities in its IBM Security Verify Access and IBM Verify Identity Access products. These issues could permit privilege escalation, command execution, and script injection. Customers are urged to install these patches right away to avoid exploitation in production environments. CVE-2025-36355 lets authenticated users …

Read More »

Hacker Claims Breach of Huawei Source Code and Internal Tools

A threat actor claims to have breached Huawei Technologies Co., Ltd. (Huawei), a multinational technology company based in Shenzhen, China, that specializes in telecommunications equipment. The incident, which the actor states occurred in October 2025, allegedly resulted in the exfiltration of internal company data. According to the actor, the compromised …

Read More »

Oracle released patch for E business suite (CVE-2025-61882) after Cl0p attack

Oracle has issued an emergency update to fix a serious security issue in its E-Business Suite, which has been targeted in recent Cl0p data theft attacks. The critical vulnerability, CVE-2025-61882 (CVSS score: 9.8), could let an unauthenticated attacker with HTTP access compromise the Oracle Concurrent Processing component. “This vulnerability is …

Read More »

Hackers exploited Zimbra flaw as zero-day using iCalendar files

Zimbra

Researchers monitoring for larger .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in zero-day attacks at the beginning of the year. ICS files, or iCalendar files, store plain text calendar information, like meetings and events, and allow exchange between different calendar apps. Threat actors …

Read More »

Alert: Self-Propagating Malware Spreading Via WhatsApp

WhatsApp

Trendâ„¢ Research is investigating a malware campaign that uses WhatsApp to infect users. This attack is focused on spreading quickly and taking advantage of social trust, rather than theft or ransomware. It’s called SORVEPOTEL and is currently most active in Brazil. The campaign is dubbed SORVEPOTEL by Trend Micro that …

Read More »

Splunk Fixes Six Flaws, Including SSRF and XSS Vulns in Enterprise Platform

Splunk i

Splunk issued security advisories for six vulnerabilities in Splunk Enterprise and Splunk Cloud Platform, with severity levels from medium to high. The issues include improper access control, various cross-site scripting (XSS) types, XML external entity (XXE) injection, denial-of-service (DoS) via LDAP misuse, and a high-severity server-side request forgery (SSRF). CVE-2025-20366 …

Read More »