Vulnerabilities

Cybersecurity researcher Jeremiah Fowler found and reported a non-password-protected database with over 86,000 records belonging to ESHYFT, a New Jersey-based HealthTech company. ESHYFT operates in 29 states and provides a mobile app platform connecting healthcare facilities with workers like Certified Nursing Assistants (CNAs), Licensed Practical Nurses (LPNs), and Registered Nurses …

Forescout Research- Vedere Labs identified a series of intrusion based on two Fortinet vulnerabilities which began with the exploitation of FortiGate firewall appliance dubbed SuperBlack. Researchers track this between late january and early March. Fortinet disclosed two authentication bypass vulnerabilities: CVE-2024-55591 in January and CVE-2025-24472 in February. When Fortinet first …

GitLab has released versions 17.9.2, 17.8.5, and 17.7.7 for its Community and Enterprise Editions to fix security vulnerabilities, including a critical authentication bypass issue. Critical Authentication Bypass Vulnerabilities: Two critical vulnerabilities, CVE-2025-25291 and CVE-2025-25292, are found in the ruby-saml library used by GitLab for SAML single sign-on (SSO) authentication. The …

Cisco has issued a security advisory for a high-severity vulnerability in its IOS XR Software, labeled CVE-2025-20138, with a CVSS score of 8.8, which signifies a serious risk. The vulnerability in the Command Line Interface (CLI) of Cisco IOS XR Software allows an authenticated local attacker to execute arbitrary commands …

NVIDIA has released a software update for Riva to fix security vulnerabilities that could allow privilege escalation, data tampering, denial of service, or information disclosure. NVIDIA Riva is a suite of GPU-accelerated microservices for multilingual speech and translation, designed for creating customizable, real-time conversational AI systems. It features automatic speech …

On Tuesday, Apple fixed a critical zero-day vulnerability affecting nearly all supported iPhones and iPads. The company noted that it could have been exploited in a extremely sophisticated attack against targeted individuals using older iOS versions. The vulnerability, identified as CVE-2025-24201, allows attackers to break out of the Web Content …

Cato CRTL team said, a new botnet campaign dubbed Ballista target the unpatched TP-Link Archer routers. CVE-2023-1389 is a serious security vulnerability in TP-Link Archer AX-21 routers that could allow command injection and remote code execution. The Hacker news reported, “The botnet exploits a remote code execution (RCE) vulnerability in …

A critical vulnerability, CVE-2025-24813, has been found in Apache Tomcat, which could let attackers execute remote code, leak sensitive data, or corrupt information. The Apache Software Foundation has released an urgent advisory, urging affected users to update right away. Apache Tomcat, a popular open-source web server and servlet container, has …

As of March 4, 2025, Shadowserver found that over 41,500 internet-exposed VMware ESXi hypervisors are vulnerable to the actively exploited CVE-2025-22224. 41,500 unpatched ESXi instances represent a major part of global virtualization, especially in healthcare, finance, and telecommunications. Broadcom released an emergency update to fix a vulnerability that allows attackers …

Broadcom issued a security alert on Tuesday, warning VMware customers about 3 exploited zero-day vulnerabilities. Vulnerabilities CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 affect VMware ESXi, Workstation, and Fusion. Patches have been released for all affected products, but no workarounds are available. CVE-2025-22224 is a critical VMCI heap overflow vulnerability in VMware ESXi …