Friday , July 10 2026

Vulnerabilities

Oracle Released Patched for 378 flaws for April 2025

378 flaws

On April 15, 2025, Oracle released a Critical Patch Update for 378 flaws for its products. The patch update covers databases, middleware, cloud services, and communication applications essential for global financial institutions, telecom providers, and cloud-native platforms. Key Highlights: Oracle Communications Applications had 42 new security updates, including 35 vulnerabilities …

Read More »

CVE-2025-24054
Hackers Exploiting NTLM Spoofing Windows Vuln the in Wild

hackers

Check Point Research warns of the active exploitation of a new vulnerability, CVE-2025-24054, which lets hackers leak NTLMv2-SSP hashes using specially crafted .library-ms files. Microsoft patched this vulnerability on March 11, 2025. It affects all supported Windows versions and has been weaponized less than two weeks after its disclosure. The …

Read More »

CISA Releases Ten Industrial Control Systems Advisories

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) has released ten new advisories regarding Industrial Control Systems (ICS) to highlight serious vulnerabilities and exploits that could affect vital industrial systems. Released on April 10, 2025, these advisories offer essential information on current cybersecurity risks, aiding industries in threat prevention and protecting …

Read More »

Fortinet Addresses Multiple Vulnerabilities In Its Various Products

Fortinet

Fortinet has fixed several vulnerabilities in its products, including FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiVoice, FortiWeb, and FortiSwitch. The vulnerabilities include improper log handling, unverified password changes, and weak credential protection. The company has released patches and strategies to protect users from possible exploitation. Insufficiently Protected Credentials Vulnerability in FortiOS: A …

Read More »

Microsoft patched 134 Windows security flaws including a zero-day

Microsoft

Microsoft’s April security update, released on Tuesday, addressed 121 vulnerabilities, marking the largest patch for the year. Despite a high number of bulletins, Microsoft addressed only one zero-day flaw this month, down from seven last month. It remains a top priority for IT to patch. CVE-2025-29824 is a privilege escalation …

Read More »

CVE-2025-30401
Alert! WhatsApp Vuls Let Attackers Execute Malicious Code

WhatsApp

The spoofing vulnerability, CVE-2025-30401, impacts all WhatsApp Desktop versions for Windows before 2.2450.6, posing a risk to users dealing with attachments on the platform. According to the official security advisory, the application “displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename …

Read More »

Australian fintech database exposed in 27000 records

Australian fintech

Cybersecurity researcher Jeremiah Fowler recently revealed a sensitive data exposure involving the Australian fintech company Vroom by YouX, previously known as Drive IQ. Fowler, in a report to Website Planet, found an unsecured Amazon S3 bucket with 27,000 records. This database contained sensitive personal information, such as driver’s licenses, medical …

Read More »

Over 200 Million Info Leaked Online Allegedly Belonging to X

200 million

Safety Detectives’ Cybersecurity Team found a forum post where a threat actor shared a .CSV file with over 200 million records from X users. The team discovered data in a forum post on the surface web. This popular forum features message boards for database downloads, leaks, cracks, and similar topics. …

Read More »

Micropatches released for Windows zero-day leaking NTLM hashes

NTLM

Unofficial patches are available for a new Windows zero-day vulnerability that allows remote attackers to steal NTLM credentials by deceiving targets into opening malicious files in Windows Explorer. NTLM has been widely exploited in NTLM relay attacks (where threat actors force vulnerable network devices to authenticate to attacker-controlled servers) and …

Read More »

IngressNightmare
Over 40% of cloud environments are vulnerable to RCE

RCE

Kubernetes users of the Ingress NGINX Controller are advised to fix four newly found remote code execution ( RCE) vulnerabilities, which have a CVSS score of 9.8. Wiz Security named four vulnerabilities “IngressNightmare” that affect the admission controller of the popular open-source software used for directing external traffic to Kubernetes …

Read More »