Microsoft
public
–
4 min read
A critical token validation failure (CVE-2025-55241, CVSS 10.0) in Microsoft Entra ID (formerly Azure AD) was discovered by researcher…
WatchGuard
public
–
3 min read
WatchGuard disclosed a critical out-of-bounds write vulnerability (CVE-2025-9242, CVSS 9.3/10) in its Firebox firewalls, allowing remote, unauthenticated attackers…
Samsung
public
–
3 min read
Samsung patched CVE-2025-21043, a critical remote code execution (RCE) vulnerability in libimagecodec.quram.so, a closed-source image parsing library by…
Dassault Systèmes
public
–
3 min read
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about active exploitation of CVE-2025-5086, a critical remote…
Samsung
public
–
4 min read
Samsung patched a critical zero-day vulnerability (CVE-2025-21043) in its Android devices (Android 13+), exploited in real-world attacks. The flaw, an…
Cursor
public
–
5 min read
A critical security vulnerability was discovered in Cursor, an AI-powered fork of Visual Studio Code, where a disabled-by-default Workspace Trust…
Adobe
public
–
4 min read
Adobe is facing active exploitation attempts targeting CVE-2025-54236 (SessionReaper), a critical Improper Input Validation vulnerability in Adobe Commerce and Magento…
Quantum Computing Research Consortium (Hypothetical - Representing the collaborative institutions of Junjian Su, Runze He, Guanghui Li, et al.)
public
–
3 min read
The research exposed critical privacy vulnerabilities in Quantum Machine Learning (QML) models, demonstrating that attackers could infer membership of training…
Meta Platforms (WhatsApp)
public
–
3 min read
A zero-day vulnerability (CVE-2025-55177) was discovered in WhatsApp’s linked-device synchronization feature, allowing unauthorized users to force a target device…
Sitecore
public
–
3 min read
A zero-day vulnerability (CVE-2025-53690) in Sitecore’s Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) was exploited by…
Citrix
public
–
3 min read
Cybercriminals are leveraging HexStrike-AI, a legitimate red teaming tool, to automate exploits against Citrix NetScaler ADC and Gateway using recently…
Amazon Web Services and Wiz: AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks
public
–
3 min read
AWS CodeBuild Misconfiguration Could Have Enabled Supply Chain Attacks
In September 2025, Amazon Web Services (AWS) patched a critical misconfiguration…