Linux Kernel ksmbd Flaw Lets Remote Attackers Execute Arbitrary Code
A critical vulnerability in the Linux Kernel’s ksmbd file sharing component allows remote attackers to execute code with kernel privileges. Tracked as CVE-2025-38561, this flaw…
A critical vulnerability in the Linux Kernel’s ksmbd file sharing component allows remote attackers to execute code with kernel privileges. Tracked as CVE-2025-38561, this flaw…
A critical vulnerability in NVIDIA’s Merlin Transformers4Rec library allows attackers to achieve remote code execution with root privileges. Discovered by the Trend Micro Zero Day…
In January 2025, Supermicro released patches addressing critical vulnerabilities in its Baseboard Management Controller (BMC) firmware validation logic. Despite these updates, subsequent research has uncovered…
A new study has uncovered a method for silently installing custom extensions on Chromium-based browsers running in Windows domain environments. By exploiting how Chrome and…
A large-scale campaign targeting Mac users is leveraging fake GitHub pages to distribute information-stealing malware disguised as popular legitimate applications. Among the impersonated software are…
A comprehensive security analysis has revealed a widespread vulnerability affecting Firebase-powered mobile applications, with over 150 popular apps inadvertently exposing sensitive user data through misconfigured…
A person in his forties has been arrested in connection with a cyber-attack that caused days of disruption at several major European airports, including London…
Security researchers have discovered a wave of attacks that use in-memory PE loaders to slip past endpoint detection and response (EDR) systems. In these incidents, threat actors…
Attackers have discovered a way to exploit Google’s core services, Google Meet, YouTube, Chrome update servers and more using a technique called domain fronting. By…
A sophisticated effort by Russian-linked actors is seeking to sway public opinion ahead of Moldova’s September 28, 2025, vote, raising concerns over foreign interference in…
A newly disclosed flaw in OnePlus OxygenOS lets any app on a device read SMS and MMS messages without asking the user. Tracked as CVE-2025-10184,…
A serious security flaw in the Salesforce CLI installer (sf-x64.exe) has been assigned CVE-2025-9844. This weakness allows attackers to execute arbitrary code with SYSTEM-level privileges…