cybersecurity

Elastic APM Server & Beats Have Local Privilege Escalation Flaws Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic APM Server & Beats Have Local Privilege Escalation Flaws

Do Son July 30, 2025

Elastic has issued patches for two local privilege escalation (LPE) vulnerabilities affecting its popular observability tools—APM Server...

Dropbox Passwords Is Shutting Down: Export Your Data by October 28, 2025, or Lose Everything Dropbox security incident Dropbox Passwords, Discontinuation

Dropbox security incident Dropbox Passwords, Discontinuation

Dropbox Passwords Is Shutting Down: Export Your Data by October 28, 2025, or Lose Everything

Do Son July 30, 2025

The well-known cloud storage provider Dropbox, once leveraging its expertise in data storage to introduce the password...

9.9 Critical BentoML SSRF (CVSS 9.9) Exposes AI Applications to Unauthenticated Network Recon & Cloud Credential Theft BentoML SSRF, AI Application Security

BentoML SSRF, AI Application Security

9.9 Critical BentoML SSRF (CVSS 9.9) Exposes AI Applications to Unauthenticated Network Recon & Cloud Credential Theft

Do Son July 30, 2025

A severe server-side request forgery (SSRF) vulnerability has been disclosed in BentoML, a widely used Python framework...

Critical Critical Flaw in Wix’s New AI Platform Base44 Allowed Unauthorized Access to Private Enterprise Apps Wix Base44, AI Platform Vulnerability

Wix Base44, AI Platform Vulnerability

Critical Critical Flaw in Wix’s New AI Platform Base44 Allowed Unauthorized Access to Private Enterprise Apps

Do Son July 30, 2025

In a significant finding that highlights the risks associated with emerging AI development platforms, Wiz Research has...

9.8 Critical RCE Flaw (CVE-2025-5394) in “Alone” WordPress Theme Actively Exploited, Allowing Full Site Takeover Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

9.8 Critical RCE Flaw (CVE-2025-5394) in “Alone” WordPress Theme Actively Exploited, Allowing Full Site Takeover

Do Son July 30, 2025

A critical-severity vulnerability in the popular Alone – Charity Multipurpose Non-profit WordPress Theme has left thousands of...

Gunra Ransomware Expands to Linux: New Variant Unleashes 100-Thread Encryption & Stealthy Tactics Gunra Ransomware, Linux Ransomware

Gunra Ransomware, Linux Ransomware

Gunra Ransomware Expands to Linux: New Variant Unleashes 100-Thread Encryption & Stealthy Tactics

Do Son July 30, 2025

Trend Micro has issued a spotlight on the evolving Gunra ransomware, which has extended its reach to...

6.9 TP-Link Archer C50 (EOL) Exposed: Hardcoded DES Key Allows Sensitive Config Decryption (CVE-2025-6982)

Archer MR600 command injection WireGuard client configuration Tapo smart device vulnerability unencrypted Bluetooth transmission TP-Link router vulnerability CVE-2026-5509 patch Archer AX53 Vulnerability TP-Link Router Security Tapo C520WS Vulnerability TP-Link Security Patch TP-Link Archer NX Router Vulnerability TP-Link Archer Vulnerability CVE-2025-15568 TP-Link Archer BE230 Vulnerability Command Injection TP-Link Omada Vulnerability CVE-2025-9520 TP-Link Archer MR600 Vulnerability CVE-2025-14756 CVE-2026-0629 TP-Link Omada RCE, CVE-2025-6542 TP-Link, Smart plug vulnerability TP-Link Archer C50, Hardcoded DES Key TP-Link NVR, Command Injection TP-Link Routers cybersecurity

6.9 TP-Link Archer C50 (EOL) Exposed: Hardcoded DES Key Allows Sensitive Config Decryption (CVE-2025-6982)

Do Son July 30, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note concerning a flaw in the TP-Link Archer...

0bj3ctivityStealer: Stealthy Info-Stealer Uses Steganography & PowerShell to Evade Detection Obj

Obj

0bj3ctivityStealer: Stealthy Info-Stealer Uses Steganography & PowerShell to Evade Detection

Do Son July 30, 2025

A recent analysis from the Trellix Advanced Research Center (ARC) has unveiled a sophisticated and stealthy info-stealer...

High BeyondTrust Privilege Management for Windows: Two High-Severity Flaws Allow Local Privilege Escalation BeyondTrust Vulnerability CVE-2026-1731 CVE-2024-12356 - CVE-2025-0889 BeyondTrust Privilege Escalation, Windows Security

BeyondTrust Vulnerability CVE-2026-1731 CVE-2024-12356 - CVE-2025-0889 BeyondTrust Privilege Escalation, Windows Security

High BeyondTrust Privilege Management for Windows: Two High-Severity Flaws Allow Local Privilege Escalation

Do Son July 30, 2025

BeyondTrust, a global leader in intelligent identity and access security, has issued two advisories addressing two local...

Raven Stealer: New MaaS Infostealer Plunders Data via Reflective Process Hollowing & Telegram Exfil Raven Stealer, MaaS Infostealer

Raven Stealer, MaaS Infostealer

Raven Stealer: New MaaS Infostealer Plunders Data via Reflective Process Hollowing & Telegram Exfil

Do Son July 30, 2025

A recent in-depth analysis from Cyfirma has shed light on the alarming capabilities of Raven Stealer, a...

ChatGPT Agent Bypasses Cloudflare Turnstile: AI Outsmarts “Human Verification” Systems AI CAPTCHA Bypass, Cloudflare Turnstile

AI CAPTCHA Bypass, Cloudflare Turnstile

ChatGPT Agent Bypasses Cloudflare Turnstile: AI Outsmarts “Human Verification” Systems

Do Son July 30, 2025

Cloudflare’s Turnstile CAPTCHA feature is designed to automate verification and reduce friction caused by traditional image selection...

9.8 SonicWall Alert: Critical SSL VPN Flaw (CVE-2025-40600) Allows Remote DoS Attack on Firewalls CVE-2024-40766 exploited SonicOS Vulnerability, DoS Attack

CVE-2024-40766 exploited SonicOS Vulnerability, DoS Attack

9.8 SonicWall Alert: Critical SSL VPN Flaw (CVE-2025-40600) Allows Remote DoS Attack on Firewalls

Do Son July 30, 2025

SonicWall, a prominent provider of cybersecurity solutions, has disclosed a critical vulnerability—CVE-2025-40600—affecting the SSL VPN interface of...

8.8 Chrome Update: Google Patches High-Severity Use-After-Free in Media Stream (CVE-2025-8292)

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

8.8 Chrome Update: Google Patches High-Severity Use-After-Free in Media Stream (CVE-2025-8292)

Do Son July 30, 2025

Google has announced a Stable Channel update for Chrome Desktop, pushing version 138.0.7204.183/.184 to users on Windows...

ByteDance’s Trae IDE Under Fire: AI Coding Tool Caught Telemetry Spying Even After Opt-Out Trae IDE, Telemetry Privacy

Trae IDE, Telemetry Privacy

ByteDance’s Trae IDE Under Fire: AI Coding Tool Caught Telemetry Spying Even After Opt-Out

Do Son July 29, 2025

Trae IDE, an AI-powered programming tool and integrated development environment (IDE) developed by ByteDance, has recently come...

5.5 Microsoft Uncovers “Sploitlight”: macOS Flaw (CVE-2025-31199) Bypasses TCC, Leaking Apple Intelligence Data macOS Vulnerability, TCC Bypass

macOS Vulnerability, TCC Bypass

5.5 Microsoft Uncovers “Sploitlight”: macOS Flaw (CVE-2025-31199) Bypasses TCC, Leaking Apple Intelligence Data

Do Son July 29, 2025

Microsoft Threat Intelligence has unveiled a critical macOS vulnerability that exploits Spotlight plugins to bypass the system’s...

Sensitive Key Storage Flaws in ASUS’ MyASUS App Threaten Token Security ASUS MyASUS, Token Theft

ASUS MyASUS, Token Theft

Sensitive Key Storage Flaws in ASUS’ MyASUS App Threaten Token Security

Do Son July 29, 2025

ASUS has issued security updates to patch two vulnerabilities in its MyASUS software, a pre-installed utility application...

7.5 Python Tarfile Vulnerability (CVE-2025-8194) Allows DoS via Malicious Archives Python Vulnerability, Tarfile DoS

Python Vulnerability, Tarfile DoS

7.5 Python Tarfile Vulnerability (CVE-2025-8194) Allows DoS via Malicious Archives

Do Son July 29, 2025

A newly discovered vulnerability in Python’s tarfile module, identified as CVE-2025-8194, threatens to hang applications that process...

Tea Dating App Suffers Second Breach: 1 Million+ Private Messages, Abortion Talks, and IDs Exposed Dating App Breach, Tea App Privacy

Dating App Breach, Tea App Privacy

Tea Dating App Suffers Second Breach: 1 Million+ Private Messages, Abortion Talks, and IDs Exposed

Do Son July 29, 2025

Earlier, the women-only dating application Tea suffered a data breach, during which a 4Chan user accessed 72,000...

RedHook Android Banking Trojan Targets Vietnamese Users with Advanced Phishing & Full Device Takeover Android Banking Trojan, RedHook Malware

Android Banking Trojan, RedHook Malware

RedHook Android Banking Trojan Targets Vietnamese Users with Advanced Phishing & Full Device Takeover

Do Son July 29, 2025

In a revelation by Cyble Research and Intelligence Labs (CRIL), a powerful new Android banking trojan dubbed...

10.0 Critical Node-SAML Flaw (CVE-2025-54419, CVSS 10.0) Allows Authentication Bypass in SAML 2.0 Web Apps Node-SAML Vulnerability, Authentication Bypass

Node-SAML Vulnerability, Authentication Bypass

10.0 Critical Node-SAML Flaw (CVE-2025-54419, CVSS 10.0) Allows Authentication Bypass in SAML 2.0 Web Apps

Do Son July 29, 2025

A newly disclosed critical vulnerability in Node-SAML, a widely used SAML 2.0 authentication provider for Node.js, could...

🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

CVE-2026-20230CVSS 8.6
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified...
CVE-2026-4020CVSS 7.5
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and...
CVE-2026-10735
Multiple plugins by ShapedPlugin contain a backdoor in various versions. This makes it possible for unauthenticated attackers to...
CVE-2026-20262CVSS 6.5
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated,...
CVE-2026-54420CVSS 8.5
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a...
CVE-2026-53435CVSS 8.8
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize...
CVE-2026-10795CVSS 8.1
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions...
CVE-2026-11645
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker...
CVE-2026-50751CVSS 9.3
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows...
CVE-2026-20245CVSS 7.8
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local...