The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security advisory warning of vulnerabilities in railroad communication systems that could allow attackers to remotely control train braking systems.
The vulnerability, assigned CVE-2025-1727, affects the remote linking protocol used between End-of-Train (EoT) and...
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical vulnerability in Wing FTP Server that is being actively exploited by threat actors in the wild.
The vulnerability, tracked as CVE-2025-47812, represents a significant security risk to organizations using...
A sophisticated zero-click attack framework called RenderShock exploits passive file processing systems in modern operating systems and enterprise environments.
Unlike traditional malware that requires user interaction, RenderShock leverages built-in preview mechanisms, file indexing services, and automation features to execute malicious payloads without any...
A security researcher has disclosed a significant Local File Inclusion (LFI) vulnerability in Microsoft Graph APIs that allowed attackers to extract sensitive server-side files through the platform's document conversion feature.
The flaw, which Microsoft has since patched, earned the researcher a $3,000 bounty through...
A newly disclosed high-severity vulnerability in ServiceNow’s cloud platform, dubbed Count(er) Strike, could have allowed malicious actors to exfiltrate personally identifiable information, credentials, and other proprietary data from hundreds of tables with minimal access.
Discovered by Varonis Threat Labs in February 2024 and formally...
Activision has taken the PC version of Call of Duty: WWII offline following reports of a critical security vulnerability that enables players to remotely access and control other gamers' computers during multiplayer matches.
The issue emerged just days after the 2017 title became available...