Anthropic Model Context Protocol (MCP) Inspector Remote Code Execution Vulnerability (CVE-2025-49596)

A critical remote code execution vulnerability has been discovered in Anthropic’s open‑source tool, MCP Inspector, which is widely used by AI developers for debugging Model Context Protocol (MCP) servers. Tracked as CVE-2025-49596, the vulnerability has a CVSS score of 9.4. Successful exploitation of the vulnerability may allow a remote unauthenticated attacker to execute arbitrary code … Continue reading “Anthropic Model Context Protocol (MCP) Inspector Remote Code Execution Vulnerability (CVE-2025-49596)”

Cisco Unified Communications Manager Static SSH Credentials Vulnerability (CVE-2025-20309)

Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) are vulnerable to a hardcoded root SSH credential vulnerability tracked as CVE-2025-20309. The vulnerability has a critical severity rating with a CVSS score of 10. An attacker may exploit the vulnerability to log in to the affected system and … Continue reading “Cisco Unified Communications Manager Static SSH Credentials Vulnerability (CVE-2025-20309)”

WingFTP Critical Remote Code Execution Vulnerability (CVE-2025-47812)

Julien Ahrens from RCE Security discovered a critical security vulnerability impacting WingFTP. Tracked as CVE-2025-47812, the vulnerability has a CVSS score of 10. Successful exploitation of the vulnerability may allow a remote unauthenticated attacker to execute arbitrary code, leading to complete system compromise.

Google Addresses Zero-day Vulnerability impacting Chrome Browser (CVE-2025-6554)

Chrome browser is vulnerable to a security vulnerability being exploited in the wild. Tracked as CVE-205-6554, this is a type confusion vulnerability in V8. Clément Lecigne of Google’s Threat Analysis Group discovered and reported the vulnerability to Google.

Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities (CVE-2025-20281 & CVE-2025-20282)

Cisco addresses two critical severity vulnerabilities impacting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). Tracked as CVE-2025-20281 & CVE-2025-20282, both vulnerabilities have a CVSS score of 10. Successful exploitation of the vulnerabilities may allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user.

Citrix NetScaler ADC and NetScaler Gateway Vulnerability Exploited in Denial-of-Service Attacks (CVE-2025-6543)

Citrix released a security update to address the vulnerability impacting NetScaler appliances. Tracked as CVE-2025-6543, successfully exploiting the memory overflow vulnerability may lead to unintended control flow and Denial of Service. Citrix mentioned in the advisory that they have reports suggesting exploitation of this vulnerability on unmitigated appliances. CISA acknowledged the vulnerability’s active exploitation by … Continue reading “Citrix NetScaler ADC and NetScaler Gateway Vulnerability Exploited in Denial-of-Service Attacks (CVE-2025-6543)”

PoC Released for Notepad++ Privilege Escalation Vulnerability (CVE-2025-49144)

Notepad++ is vulnerable to a privilege escalation vulnerability that may allow unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. Tracked as CVE-2025-49144, the vulnerability exposes millions of users worldwide to complete system compromise. There is proof-of-concept now publicly available.

Microsoft Patch Tuesday, June 2025 Security Update Review

Microsoft’s June 2025 Patch Tuesday has landed, addressing a new batch of critical and important vulnerabilities across Windows and enterprise products. Here’s a quick breakdown of what you need to know. In this month’s Patch Tuesday, June 2025 edition, Microsoft addressed 69 vulnerabilities. The updates include 10 critical and 57 important severity vulnerabilities. In this … Continue reading “Microsoft Patch Tuesday, June 2025 Security Update Review”

ConnectWise ScreenConnect Command Injection Vulnerability Added to CISA KEV (CVE-2025-3935)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned users about a high-severity vulnerability impacting ConnectWise ScreenConnect, tracked as CVE-2025-3935. Successful exploitation of the vulnerabilities could allow an attacker to execute arbitrary code remotely or directly impact confidential data, leading to complete system compromise.