Apache Parquet Java Vulnerability CVE-2025-46762 RCE Risk
A vulnerability has been identified in Apache Parquet Java, which could leave systems exposed to remote code execution (RCE) attacks. Apache Parquet contributor Gang Wu discovered,…
Author: Cybernoz
Windows 11 24H2 now ready to rollout to everyone
Microsoft announced over the weekend that the Windows 11 24H2 update is ready to roll out to all compatible PCs, excluding those with safeguard holds.…
Apache Parquet Java Vulnerability Enables Remote Code Execution
A high-severity vulnerability (CVE-2025-46762) has been discovered in Apache Parquet Java, exposing systems using the parquet-avro module to remote code execution (RCE) attacks. The flaw,…
Security Researchers Warn a Widely Used Open Source Tool Poses a ‘Persistent’ Risk to the US
“Nation states take on a strategic positioning,” says George Barnes, a former deputy director at the National Security Agency, who spent 36 years at the…
Hackers Exploit Email Fields to Launch XSS and SSRF Attacks
Cybersecurity researchers are raising alarms as hackers increasingly weaponize email input fields to execute cross-site scripting (XSS) and server-side request forgery (SSRF) attacks. These vulnerabilities, often overlooked in web…
Access reviews can be fixed – here’s how.
Regular User Access Reviews are required for regulatory compliance with standards such as SOX, HIPAA, GLBA, PCI, NYDFS, NYSDOH, and SOC 2. Additionally, increasing numbers…
Luna Moth Hackers Use Fake Helpdesk Domains to Target Victims
A recent investigation by cybersecurity firm EclecticIQ, in collaboration with threat hunters, has exposed a surge in malicious activity tied to the Luna Moth hacking…
New SonicBoom Attack Allows Bypass of Authentication for Admin Access
A critical new attack chain, dubbed “SonicBoom,” that enables remote attackers to bypass authentication and seize administrative control over enterprise appliances, including SonicWall Secure Mobile…
Researcher Uses Copilot with WinDbg to Simplify Windows Crash Dump Analysis
A researcher has unveiled a novel integration between AI-powered Copilot and Microsoft’s WinDbg, dramatically simplifying Windows crash dump analysis. For decades, debugging Windows crash dumps…
Critical Webmin Vulnerability Let Remote Attackers Escalate Privileges to Root-Level
A critical security vulnerability in Webmin, a widely-used web-based system administration tool, has been discovered, allowing remote attackers to escalate privileges and execute code with…
SonicBoom Attack Chain Lets Hackers Bypass Login and Gain Admin Control
Cybersecurity researchers have uncovered a dangerous new exploitation technique, dubbed the “SonicBoom Attack Chain,” which allows hackers to bypass authentication and seize administrative control over…
Sansec uncovered a supply chain attack via 21 backdoored Magento extensions
Sansec uncovered a supply chain attack via 21 backdoored Magento extensions Pierluigi Paganini May 05, 2025 Supply chain attack via 21 backdoored Magento extensions hit…