A critical vulnerability in Microsoft's Entra ID (formerly Azure Active Directory) that allows attackers to escalate privileges and impersonate any user with Global Administrator privileges.
The privilege escalation technique leverages a fundamental weakness in how Microsoft's first-party applications handle authentication credentials.
Attackers who compromise...
A critical Remote Code Execution (RCE) vulnerability in Oracle Cloud Infrastructure's (OCI) Code Editor that enabled attackers to silently hijack users' Cloud Shell environments through a single malicious webpage visit.
The vulnerability, now remediated by Oracle, exploited a Cross-Site Request Forgery (CSRF) vulnerability that...
A serious remote code execution vulnerability has been discovered in Microsoft SharePoint that allows attackers to execute arbitrary code through malicious XML payloads embedded within Web Part components.
The vulnerability, which affects SharePoint version 15.0.5145.1000 and potentially others, exploits the deserialization process of WebPart...
The vulnerability, designated CVE-2025-5777 and dubbed "CitrixBleed 2," represents a significant security concern for organizations relying on Citrix infrastructure.
Cybersecurity researchers at GreyNoise have discovered that malicious actors began exploiting a critical vulnerability in Citrix NetScaler systems nearly two weeks before a public proof-of-concept became...
Cisco disclosed a critical weakness within the web-based management interface of its Unified Intelligence Center (CUIC) that can be exploited by authenticated remote attackers to upload arbitrary files.
Tracked as CVE-2025-20274 and carrying a CVSS base score of 6.3, the flaw stems from insufficient...
Google's artificial intelligence-powered security tool Big Sleep has achieved a cybersecurity milestone by discovering and preventing the active exploitation of a critical zero-day vulnerability in SQLite, marking what the company believes is the first time an AI agent has directly thwarted real-world cyberattacks.
This...