A critical flaw in Apache mod_auth_openidc (versions ≤2.4.16.10) allows unauthenticated attackers to bypass authentication and access protected resources. The bug, CVE-2025-31492, patched in version 2.4.16.11, affects systems…
A recently discovered vulnerability in the AWS Systems Manager (SSM) Agent, a cornerstone of Amazon Web Services (AWS) used for managing EC2 instances and on-premises…
Google has rolled out a critical update for its Chrome browser, addressing a high-severity vulnerability that could allow remote code execution. The flaw, identified as…
Microsoft has disclosed an active exploitation of a zero-day vulnerability in the Windows Common Log File System (CLFS) driver, tracked as CVE-2025-29824. The flaw, classified as…
Elastic, the company behind Kibana, has released critical security updates to address a high-severity vulnerability identified as CVE-2024-12556. The flaw, referred to as “Kibana Prototype…
A critical vulnerability identified as CVE-2025-30401 was recently disclosed, highlighting a major security flaw in WhatsApp for Windows. This issue, which primarily affects desktop application versions prior…
MediaTek, a prominent semiconductor company specializing in mobile, IoT, and multimedia chipsets, has announced the release of critical software patches to address multiple security vulnerabilities…
A recent cyber threat named Neptune RAT has emerged as a rising concern for Windows users, targeting sensitive data and exhibiting advanced malicious capabilities. CYFIRMA…
Google has unveiled Sec-Gemini v1, an AI model designed to redefine cybersecurity operations by empowering defenders with advanced threat analysis, vulnerability assessment, and incident response…
Cybersecurity researcher “0xdf” has cracked the “Ghost” challenge on Hack The Box (HTB), a premier platform for honing penetration testing skills, and shared an exhaustive…
The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi, 28, from Kosovo to face charges in the Western District…
Cybersecurity researchers from Socket have exposed a malicious Python package on PyPI, named disgrasya, designed to automate credit card fraud on WooCommerce-based e-commerce sites. Unlike…
