Google released a security advisory to address a zero-day vulnerability tracked as CVE-2025-4664. CVE-2025-4664 is an insufficient policy enforcement in Loader. The vulnerability could allow attackers to bypass security policies within Chrome’s Loader logic, potentially leading to unauthorized code execution or sandbox escape. Google mentioned in the advisory that they are aware of the reports … Continue reading “Google Releases Fix for Zero-day Vulnerability in Chrome (CVE-2025-4664)”
Fortinet Addresses Code Execution Vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder & FortiCamera (CVE-2025-32756)
Fortinet released a security advisory to address a critical severity vulnerability impacting FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. Tracked as CVE-2025-32756, the vulnerability has a CVSS score of 9.6. A remote unauthenticated attacker may exploit the stack-based overflow vulnerability to execute arbitrary code or commands via crafted HTTP requests.
Microsoft Patch Tuesday, May 2025 Security Update Review
Microsoft’s May 2025 Patch Tuesday rolls out critical security updates, addressing multiple vulnerabilities across Windows, Office, and other key products. Here’s a quick breakdown of what you need to know. In this month’s Patch Tuesday, May 2025 edition, Microsoft addressed 76 vulnerabilities. The updates include five critical and 66 important severity vulnerabilities. In this month’s … Continue reading “Microsoft Patch Tuesday, May 2025 Security Update Review”
Elasticsearch Kibana Arbitrary Code Execution Vulnerability (CVE-2025-25014)
Kibana released a security advisory to address a critical severity tracked as CVE-2025-25014. Successful exploitation of the prototype pollution vulnerability may lead to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints.
Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability (CVE-2025-20188)
Cisco released a security advisory to address a vulnerability in its IOS XE Wireless Controller that could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. Tracked as CVE-2025-20188, the vulnerability has a critical severity rating with a CVSS score of 10.
FreeType Out-of-Bounds Write Vulnerability Added to CISA Known Exploited Vulnerabilities Catalog (CVE-2025-27363)
Google released its May 2025 security updates for Android, addressing 45 security vulnerabilities. One of the 45 vulnerabilities is an actively exploited zero-click FreeType 2 code execution vulnerability. CISA acknowledged the vulnerability’s active exploitation by adding it to its Known Exploited Vulnerabilities Catalog. CISA urged users to patch the flaw before May 27, 2025.
CISA Warns of Actively Exploited Langflow Remote Code Execution Vulnerability (CVE-2025-3248)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned users about a critical severity vulnerability (CVE-2025-3248) impacting Langflow, a tool designed for building agentic AI workflows. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary system commands, leading to complete system compromise. CISA added the vulnerability to its Known Exploited … Continue reading “CISA Warns of Actively Exploited Langflow Remote Code Execution Vulnerability (CVE-2025-3248)”
CISA Warns of Actively Exploited Brocade, Commvault, and Qualitia Active! Mail Vulnerabilities (CVE-2025-1976, CVE-2025-3928, and CVE-2025-42599)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned users about three high-severity vulnerabilities impacting Broadcom Brocade Fabric OS, Commvault Web server, and Qualitia Active! Mail. CISA added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, urging users to patch them before May 19, 2025.
SAP NetWeaver Zero-day Remote Code Execution Vulnerability (CVE-2025-31324)
SAP released an out-of-band emergency update to address a remote code execution zero-day vulnerability impacting NetWeaver. Tracked as CVE-2025-31324, the vulnerability has a critical severity rating with a CVSS score of 10. Threat actors are exploiting the vulnerability to hijack servers. CISA added CVE-2025-31324 to its Known Exploited Vulnerabilities Catalog, urging users to patch it … Continue reading “SAP NetWeaver Zero-day Remote Code Execution Vulnerability (CVE-2025-31324)”
Commvault Command Center Remote Code Execution Vulnerability (CVE-2025-34028)
A security researcher at watchTowr Labs discovered a critical vulnerability in Commvault Command Center that may allow an attacker to execute arbitrary code without authentication. Tracked as CVE-2025-34028, the vulnerability has a CVSS score of 9.0. CISA added CVE-2025-34028 to its Known Exploited Vulnerabilities Catalog, urging users to patch it before May 23, 2025.
