A significant vulnerability affecting Lenovo machines that allows users to bypass AppLocker security controls through a writeable file located in the Windows system directory.
The issue, discovered by Oddvar Moe from TrustedSec, involves improper file permissions on the MFGSTAT.zip file that comes preinstalled with...
A critical vulnerability in HIKVISION's applyCT security management platform that could allow attackers to execute arbitrary code on affected systems without authentication.
The vulnerability, designated CVE-2025-34067, has been assigned the maximum CVSS score of 10.0, indicating its severe impact on enterprise security infrastructure.
The vulnerability...
Critical security vulnerabilities have been discovered in PHP's PostgreSQL and SOAP extensions that could enable SQL injection attacks and denial of service conditions.
The vulnerabilities affect multiple PHP versions and require immediate patching to prevent potential exploitation by malicious actors.
A significant security vulnerability has...
A sophisticated method to bypass Content Security Policy (CSP) nonces, a widely used web security mechanism designed to prevent cross-site scripting (XSS) attacks.
The breakthrough technique exploits browser caching mechanisms combined with CSS injection to circumvent one of the web's most trusted security features.
Content Security...
A major security vulnerability in the Android stalkerware service Catwatchful has exposed the plaintext login credentials of over 62,000 users, revealing the extensive reach of consumer spyware applications.
The breach, discovered through a SQL injection vulnerability, highlights ongoing security concerns surrounding commercially available surveillance...
A new credential-harvesting malware known as “123 | Stealer” has surfaced on a prominent English-speaking cybercrime forum, with the threat actor, operating under the handle koneko, marketing subscriptions at US $120 per month.
According to the sales thread, the developer distributes the stealer through...