Friday , July 10 2026

Vulnerabilities

NVIDIA Releases Security Updates for BlueField, DOCA, Mellanox, ConnectX and NVOS

NVIDIA has issued important software updates to fix vulnerabilities in its BlueField DPUs, DOCA software, Mellanox DPDK, ConnectX network adapters, Cumulus Linux, and NVOS products. Many of these issues have high to critical severity and can lead to privilege escalation, denial of service, or information disclosure. The most severe vulnerability, …

Read More »

Android Alert: Google Patches 120 Flaws, Two Zero-Days Under Attack

120

Google released security updates for September 2025, fixing 120 security flaws in Android, including two vulnerabilities actively exploited in targeted attacks. The vulnerabilities are listed below: CVE-2025-38352 (CVSS score: 7.4): A privilege escalation flaw in the Linux Kernel component CVE-2025-48543 (CVSS score: N/A): A privilege escalation flaw in the Android …

Read More »

Palo Alto Networks data breach exposes customer info via Salesforce Instances

Salesforce

Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance. The company states that it was one of hundreds of companies affected by a supply-chain attack disclosed last week, in …

Read More »

Next.js and HashiCorp Vuln Found: Patch Now!

Next.js

A critical security flaw in the Next.js framework, marked as CVE-2025-29927, lets attackers bypass authorization, threatening web applications. This vulnerability stems from the mishandling of the x-middleware-subrequest header in Next.js middleware, which could allow unauthorized access to sensitive admin areas and protected resources. The vulnerability affects various versions of the …

Read More »

3 critical vulnerabilities affect Hikvision product: Patch Now

Hikvision

The Hikvision Security Response Center issued advisory revealing three critical vulnerabilities in HikCentral products. CVE identifiers CVE-2025-39245, CVE-2025-39246, and CVE-2025-39247 represent vulnerabilities with moderate to high severity, potentially allowing attackers to execute unauthorized commands, gain elevated privileges, or obtain administrative access. Summary:  (1) There is a CSV Injection Vulnerability in …

Read More »

(CVE-2025-20241)
Cisco Warns of High-Severity Flaw in Nexus Switches

cisco

Cisco Systems released a security advisory about a critical denial-of-service vulnerability in the Nexus 3000 and 9000 Series Switches using NX-OS software. The flaw, identified as CVE-2025-20241 and rated 7.4 on the CVSS scale, can let an unauthenticated nearby attacker interrupt essential network services. Cisco explains that “a vulnerability in …

Read More »

CVE-2025-9074
Docker Fixes Critical Desktop flaw With CVSS Score 9.3

Docker

Docker has issued fixes for a critical security vulnerability in the Docker Desktop app for Windows and macOS that could enable an attacker to escape a container. The vulnerability CVE-2025-9074 has a CVSS score of 9.3 and is fixed in version 4.44.3. “A malicious container running on Docker Desktop could access …

Read More »

South Asian APT to Compromise Phones of Military-linked Individuals In Bangladesh

A sophisticated South Asian APT group is conducting a widespread espionage campaign against military personnel and defense organizations in Sri Lanka, Bangladesh, Pakistan, and Turkey. Threat actors are using a multi-stage attack strategy that combines phishing with new Android malware to target the mobile devices of military-related individuals. The campaign …

Read More »

Azure’s Default API Connection Vuln Enables Full Cross-Tenant Compromise

API Connection

A critical vulnerability in Microsoft Azure’s API Connection allowed attackers to breach resources in various Azure tenants globally. Gulbrandsrud discovered the flaw that earned him a $40,000 bounty and a chance to present at Black Hat. This flaw exploited Azure’s shared API Management setup, allowing unauthorized access to Key Vaults, …

Read More »

CVE-2018-0171
FBI alerts of Russian hackers exploiting old Cisco flaw

FBI

The Federal Bureau of Investigation (FBI) is warning the public, private sector, and international community of the threat posed to computer networks and critical infrastructure by cyber actors attributed to the Russian Federal Security Service’s (FSB) Center 16. The FBI detected Russian FSB cyber actors exploiting Simple Network Management Protocol …

Read More »