Vulnerability

Auth Bypass Vulnerability Disclosed in Next.js Middleware

A critical security vulnerability has been identified in Next.js, the popular React framework, which could allow attackers to bypass authorization ch…

Critical Windows Vulnerability Leaks NTLM Hashes Without User Interaction

Security researchers have discovered and documented a critical Windows vulnerability (CVE-2025-24071) that enables attackers to steal authentication …

How Outdated Apps Are Compromising Your Android Security

In today's hyper-connected mobile landscape, Android users face an increasingly sophisticated array of security threats that evolve faster than m…

Critical Vulnerability in Sitecore Experience Platform Discovered

Security researchers at Assetnote, recently acquired by Searchlight Cyber, have uncovered a pre-authentication remote code execution vulnerability in…

Google Release Details of AMD Microcode Vulnerability

Last month, Google security researchers disclosed a high-severity vulnerability in AMD's CPU microcode signature verification system, affecting …

Three VMware Vulnerabilities Actively Exploited in the Wild

Broadcom has released urgent security patches to address three actively exploited vulnerabilities in VMware ESXi, Workstation, and Fusion products. T…

Critical WordPress Plugin Vulnerability Affects 2 Million Sites

A critical reflected cross-site scripting (XSS) vulnerability has been discovered in the Essential Addons for Elementor plugin, potentially affecting…

Critical RCE Vulnerability Discovered in MITRE Caldera Framework

Security researchers have identified a critical remote code execution vulnerability in MITRE Caldera, a widely used adversary emulation platform. The…

Vulnerabilities in Ivanti Endpoint Manager Allow Credential Relay Attacks

Security researchers have discovered four critical vulnerabilities in Ivanti Endpoint Manager (EPM) that could allow unauthenticated attackers to pot…

PostgreSQL Patched Critical SQL Injection Vulnerability

Security researchers at Rapid7 have uncovered a significant SQL injection vulnerability (CVE-2025-1094) affecting PostgreSQL's interactive termin…

Researchers Uncover Authentication Bypass Vulnerability in Palo Alto Networks' PAN-OS

Security researchers at Assetnote have discovered a critical authentication bypass vulnerability in Palo Alto Networks' PAN-OS management interfa…

Google Uncover Critical AMD CPU Vulnerability Affecting Confidential Computing

Google's Security Team has disclosed a high-severity vulnerability in AMD's CPU microcode signature verification system, affecting multiple A…

Cisco Webex Connect Flaw Exposed Millions of Chat Histories

A critical security vulnerability in Cisco Webex Connect allowed unauthorized access to millions of customer support chat histories of every organiza…

New Security Flaws in Apple Chips Could Expose Sensitive Browser Data

Security researchers from Georgia Tech and Ruhr University Bochum have uncovered two significant vulnerabilities in Apple's latest processors tha…

Coolify Hit by Three RCE Flaws with Maximum CVSS Score

Security researchers have uncovered three critical vulnerabilities in Coolify, the open-source platform used for managing servers, applications, and …

Critical Vulnerability in SonicWall SMA1000 Devices Actively Exploited

SonicWall has issued an urgent security advisory for a critical vulnerability affecting its SMA1000 series appliances, which is actively being explo…

Cookie Sandwich - New Attack Steals HttpOnly Cookies

A concerning new web security vulnerability dubbed "Cookie Sandwich" has been discovered that allows attackers to bypass HttpOnly cookie …

Critical 7-Zip Vulnerability Bypasses Windows Security

A high-severity vulnerability has been discovered in the popular file compression tool 7-Zip, potentially enabling attackers to bypass crucial Window…

Critical Vulnerabilities Discovered in SimpleHelp Remote Support Software

Security researchers at Horizon3.ai have uncovered three critical vulnerabilities in SimpleHelp, a remote support software solution used globally. T…

Critical Auth Bypass Vulnerability in Fortinet Products Actively Exploited

Fortinet has disclosed a critical authentication bypass vulnerability (CVE-2024-55591) affecting FortiOS and FortiProxy products that allow remote …