Pwn2Own Berlin 2025, a top cybersecurity contest, awarded $1,078,750 to researchers who discovered 29 zero-day vulnerabilities in various enterprise technologies. The event highlighted the increasing complexity of attack methods and the need for vendors to strengthen their defenses. Pwn2Own Berlin 2025, hosted by Trend Micro’s Zero Day Initiative (ZDI) over …
Read More »High-Severity Flaw Hits Atlassian Jira Data Center
A recently discovered vulnerability, CVE-2025-22157, threatens organizations using Atlassian’s Jira Core Data Center and Jira Service Management Data Center by enabling privilege escalation attacks, allowing attackers to gain elevated system privileges. This serious flaw has a CVSS score of 7.2, posing a significant risk to businesses using Atlassian’s project and …
Read More »Intel PC, laptop and server processors affected for 6 years: Report
A new class of vulnerabilities in Intel processors, called Branch Predictor Race Conditions (BPRC), enables attackers to extract sensitive data from the cache and RAM of other users on the same hardware. Recent research by computer scientists from the Computer Security Group (COMSEC) at the Department of Information Technology and …
Read More »SonicWall Patches 3 Flaws in SMA 100 Devices
SonicWall has released patches for three security flaws in SMA 100 Secure Mobile Access appliances that could allow remote code execution. The vulnerabilities are listed below: CVE-2025-32819 (CVSS score: 8.8) : A vulnerability in SMA100 lets an authenticated remote attacker with SSL-VPN user access bypass checks and delete any file, …
Read More »Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
Cisco has issued a security advisory for a critical vulnerability in its IOS XE Software for Wireless LAN Controllers (WLCs). This vulnerability, known as CVE-2025-20188, has a CVSS score of 10, indicating the highest security flaw. The advisory highlights a vulnerability in the Out-of-Band Access Point (AP) Image Download feature …
Read More »Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
Google has released its monthly Android security updates, addressing 46 vulnerabilities, including one that has been actively exploited. CVE-2025-27363 (CVSS score: 8.1) is a high-severity vulnerability in the System component that allows local code execution without needing extra privileges. “The most severe of these issues is a high security vulnerability …
Read More »SonicWall Exploit Chain Exposes Admin Hijack Risk via 2 CVEs
A new exploit chain for SonicWall’s Secure Mobile Access (SMA) appliances has been released by watchTowr Labs. It details how two vulnerabilities, CVE-2023-44221 and CVE-2024-38475, can be combined to allow remote, unauthenticated attackers to hijack admin sessions and run arbitrary code. SonicWall identifies CVE-2024-38475 as a critical vulnerability in the …
Read More »SonicWall Patched for SSRF Vulnerability in SMA1000 Appliances
SonicWall’s Product Security Incident Response Team (PSIRT) has released a critical update for its SMA1000 series appliances due to a Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2025-2170, with a CVSS base score of 7.2. The flaw in the SMA1000 appliances’ WorkPlace interface allows unauthenticated remote attackers to send unauthorized …
Read More »Patch Now! SonicWall Confirms Active Exploitation of SMA 100 Vulns
On April 29, 2025, SonicWall announced that two previously disclosed vulnerabilities in its SMA 100 Series appliances are being actively exploited. They urge customers to update to the latest secure firmware to avoid compromise. First identified in December 2023, CVE-2023-44221 has now been confirmed as under active exploitation. The vulnerability—assigned …
Read More »Researcher Found Multiple Vulnerabilities In Apple’s AirPlay Protocol
Security vulnerabilities in Apple’s AirPlay Protocol and SDK put both third-party and Apple devices at risk of various attacks, including remote code execution. Oligo Security researchers found flaws that can be exploited in zero-click and one-click remote code execution (RCE) attacks, man-in-the-middle (MITM) attacks, denial of service (DoS) attacks, and …
Read More »
InfoSecBulletin Cybersecurity for mankind