Friday , July 10 2026

Vulnerabilities

DataCenter Exposes 38GB of PII Including Emails and Phone Numbers

38 GB

Cybersecurity researcher Jeremiah Fowler discovered an unencrypted database with 38 GB of CSV and PDF files and reported it to Website Planet. The exposed data included hundreds of thousands of names, addresses, phone numbers, emails, and other sensitive information. The publicly exposed database was not password-protected or encrypted. It contained …

Read More »

CVE-2025-54948
Trend Micro alerts of Apex One zero-day exploited in attacks

Apex One

Trend Micro warned customers to quickly secure their systems due to a remote code execution vulnerability in its Apex One endpoint security platform that is currently being exploited. Apex One is an endpoint security platform designed to automatically detect and respond to threats, including malicious tools, malware, and vulnerabilities. The …

Read More »

Dell Laptop PCs 100+ models affected through “ReVault” attack

Dell Laptop

More than 100 Dell laptop models in the Latitude and Precision series are vulnerable due to five common security issues affecting their firmware and Microsoft Windows APIs, according to a Cisco Talos report. Talos researchers named the vulnerabilities ReVault. They allow an attacker to keep access to a victim’s device …

Read More »

HashiCorp patched A Vault Flaw Allowing Code Execution

HashiCorp

HashiCorp has recently fixed a critical vulnerability—CVE-2025-6000—in its secrets management tool, Vault. With a CVSS score of 9.1, this flaw could let privileged Vault operators run arbitrary code on the host system if misconfigured. “A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code …

Read More »

17K+ SharePoint Servers Exposed to Internet : 840 Servers Vuln to 0-Day Attacks

840

Over 17k Microsoft SharePoint servers are exposed to internet attacks, with 840 vulnerable to the critical zero-day vulnerability CVE-2025-53770, according to Shadowserver Foundation. The “ToolShell” vulnerability has a critical CVSS score of 9.8 and lets unauthorized users run arbitrary code on on-premises SharePoint servers. Microsoft has attributed the attacks to …

Read More »

CVE-2025-31700 & CVE-2025-31701
Buffer Overflow Flaws in Dahua IP Cameras Expose Devices to RCE

Dahua

Dahua Technology released a security advisory about two serious vulnerabilities in its IP cameras, after a report from the Bitdefender IoT Research Team. The vulnerabilities, CVE-2025-31700 and CVE-2025-31701, each have a CVSS score of 8.1 and are due to buffer overflow issues that can let remote attackers crash devices or …

Read More »

(CVE-2025-6704, CVE-2025-7624)
Urgent Sophos Firewall Update: Two Critical RCE Flaws Patched

Sophos has released a security advisory addressing five vulnerabilities in Sophos Firewall, two of which are critical and could enable remote attackers to take control of affected devices in specific situations. The company confirms that fixes have been automatically deployed through hotfixes, assuming the auto-installation setting is default.   Remediation …

Read More »

Oracle Patched 200 Vulns With July 2025 CPU

Oracle’s July 2025 Critical Patch Update includes 309 new security patches, with 127 addressing remotely exploitable vulnerabilities. SecurityWeek found about 200 unique CVEs in Oracle’s July 2025 CPU, with nine patches for critical flaws. In October, Oracle Communications issued 84 security patches, the highest this month, similar to April. Out …

Read More »

Ivanti Zero-Days Exploited to Drop MDifyLoader

Cybersecurity researchers have revealed a new malware named MDifyLoader, linked to cyber attacks using security vulnerabilities in Ivanti Connect Secure (ICS) appliances. A JPCERT/CC report reveals that cybercriminals exploited CVE-2025-0282 and CVE-2025-22457 between December 2024 and July 2025 to deploy MDifyLoader, which facilitates Cobalt Strike attacks in memory. CVE-2025-0282 is …

Read More »

CISA added Fortinet FortiWeb vul to KEV catalog

Fortinet FortiWeb

U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a crucial vulnerability in Fortinet FortiWeb in its Known Exploited Vulnerabilities (KEV) catalog, verifying that the SQL injection flaw is being actively exploited in cyberattacks across the globe. The vulnerability, tracked as CVE-2025-25257, affects Fortinet’s FortiWeb web application firewall and carries …

Read More »