Amazon Web Services (AWS) has disclosed a significant security flaw in its WorkSpaces client for Linux, potentially allowing local attackers to steal authentication tokens and hijack user sessions.
Identified as CVE-2025-12779, the vulnerability stems from improper handling of authentication tokens in the client software,...
While cybersecurity headlines often spotlight shady extensions from obscure developers or massive supply chain attacks, even reputable sources can slip up in ways that threaten enterprises.
Researchers at Koi have uncovered critical remote code execution (RCE) vulnerabilities in three extensions created and promoted by...
In a significant escalation of threats to web infrastructure, a new vulnerability dubbed "MadeYouReset" has exposed numerous HTTP/2 implementations to denial-of-service (DoS) attacks, potentially enabling large-scale distributed DoS (DDoS) campaigns.
Tracked under CVE-2025-8671 with a CVSS score of 7.5, this flaw exploits discrepancies in...
Cisco has disclosed a critical vulnerability in its Identity Services Engine (ISE) software that could allow attackers to remotely trigger a system restart, leading to a denial-of-service condition.
Identified as CVE-2025-20343, the flaw carries a CVSS base score of 8.6, classifying it as high...
NVIDIA has addressed a critical flaw in its NVIDIA App software for Windows, which could allow local attackers to execute malicious code and escalate privileges.
Disclosed as CVE-2025-23358, the vulnerability stems from a search path element issue in the app's installer, classified under CWE-427....
Cisco has issued an urgent warning about active exploitation of a critical vulnerability in its Secure Firewall Adaptive Security Appliance (ASA) and Threat Defense (FTD) software, urging customers to patch immediately.
The flaw, tracked as CVE-2025-20333, affects the VPN web server and allows authenticated...