Saturday, April 25, 2026

Cyber News

7-Zip Vulnerability Enables Arbitrary File Write and Remote Code Execution

A critical security vulnerability has been discovered in 7-Zip, the popular file compression utility, that allows attackers to perform arbitrary file writes during archive extraction, potentially leading to code execution. The vulnerability, tracked as CVE-2025-55188, affects all versions of 7-Zip prior to 25.01 and...

Critical Security Vulnerabilities Discovered in WWBN AVideo, MedDream, and Eclipse ThreadX Module

Cisco Talos’ Vulnerability Discovery & Research team has disclosed a total of twelve security vulnerabilities affecting three distinct software products. Seven vulnerabilities impact WWBN AVideo, four reside within the MedDream PACS Premium system, and one exists in the Eclipse ThreadX FileX module. All issues...

Windows UAC Bypassed via Character Editor for Privilege Escalation

A new technique allows attackers to bypass Windows User Account Control (UAC) protections using the system's built-in Private Character Editor, demonstrating how legitimate system utilities can be exploited to gain elevated privileges without user consent. The attack leverages eudcedit.exe, Windows' Private Character Editor located...

CISA Issues 10 ICS Advisories on Critical Vulnerabilities and Exploitation Risks

The Cybersecurity and Infrastructure Security Agency (CISA) on August 7, 2025, published ten new Industrial Control Systems (ICS) advisories to alert organizations to critical vulnerabilities and potential exploits affecting control-system components. These advisories address a broad spectrum of products—from programmable logic controllers to remote...

US Confirms Takedown of BlackSuit Ransomware Behind Attacks on 450+ Organizations

The U.S. Homeland Security Investigations (HSI), in coordination with international law enforcement agencies, has successfully dismantled the critical infrastructure of BlackSuit ransomware, marking a significant victory against one of the world's most dangerous cybercriminal operations. The coordinated takedown, dubbed Operation Checkmate, has seized servers, domains, and...

AWS Credential Exfiltration via Amazon ECS Internal Protocol Abuse

A technique dubbed "ECScape" allows malicious containers running on Amazon Elastic Container Service (ECS) to steal AWS credentials from other tasks sharing the same EC2 instance. The attack exploits an undocumented internal protocol between the ECS agent and the AWS control plane, enabling privilege...