MediaTek has released its July 2025 Product Security Bulletin addressing a comprehensive range of vulnerabilities affecting smartphone, tablet, AIoT, smart display, smart platform, OTT, computer vision, audio, and TV chipsets.
The bulletin identifies 16 security vulnerabilities, with seven classified as high severity and nine...
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a path traversal vulnerability in the Ruby on Rails framework that has been actively exploited in the wild.
This vulnerability, identified as CVE-2019-5418, poses significant risks to organizations using the popular...
A new ransomware group called Payouts King has emerged in the cybercriminal landscape, claiming responsibility for attacks against 13 organizations across multiple countries and allegedly stealing over 21 terabytes of sensitive data.
The group's activities have escalated rapidly, with victims spanning from healthcare facilities...
A critical vulnerability affects DNN (formerly DotNetNuke), one of the oldest open-source content management systems, established in 2003.
The vulnerability, designated CVE-2025-52488, allows attackers to steal NTLM credentials through a sophisticated Unicode normalization bypass that exploits file system operations.
This authentication vulnerability affects the...
A working proof-of-concept exploit exists for CVE-2025-5777, a critical memory disclosure vulnerability affecting Citrix NetScaler products that has been dubbed "CitrixBleed 2" due to its similarities to the notorious CVE-2023-4966 vulnerability.
The exploit allows attackers to exfiltrate 127 bytes of arbitrary memory data per request,...
SAP released a comprehensive security update on July 8, 2025, addressing 27 new vulnerabilities across its enterprise software portfolio, with seven classified as critical requiring immediate attention.
The July 2025 Patch Day also included updates to three previously released security notes, reflecting SAP's ongoing...