InfoSecBulletin Cybersecurity for mankind

Palo Alto Networks warns a reflected cross-site scripting (XSS) vulnerability, CVE-2025-0133, in the GlobalProtect gateway and portal features of its PAN-OS software. The flaw allows malicious JavaScript to run in the browsers of authenticated Captive Portal users when they click specific links. Organizations using the Clientless VPN feature face a …

Pwn2Own Berlin 2025, a top cybersecurity contest, awarded $1,078,750 to researchers who discovered 29 zero-day vulnerabilities in various enterprise technologies. The event highlighted the increasing complexity of attack methods and the need for vendors to strengthen their defenses. Pwn2Own Berlin 2025, hosted by Trend Micro’s Zero Day Initiative (ZDI) over …

A recently discovered vulnerability, CVE-2025-22157, threatens organizations using Atlassian’s Jira Core Data Center and Jira Service Management Data Center by enabling privilege escalation attacks, allowing attackers to gain elevated system privileges. This serious flaw has a CVSS score of 7.2, posing a significant risk to businesses using Atlassian’s project and …