Monday, April 27, 2026

Tag: Vulnerability

Tesla Wall Charger Vulnerability Exposed in Swift 18-Minute Attack

A critical vulnerability in Tesla's Wall Connector home charging stations shows that attackers can gain control of the devices through the charging port itself in just 18 minutes. The attack, showcased at the Pwn2Own competition by cybersecurity firm Synacktiv, exploits a previously unknown communication...

Apache CloudStack Vulnerability Allows Attackers to Execute Privileged Actions

The Apache CloudStack project is a leading open-source Infrastructure-as-a-Service (IaaS) platform used globally by many organizations to orchestrate cloud environments. Recently, several critical security vulnerabilities have been uncovered, posing serious risks to organizations relying on CloudStack for their cloud management needs. These issues enable...

CoreDNS Vulnerability Allows Attackers to Exhaust Server Memory Through Amplification Attack

A critical Denial-of-Service (DoS) vulnerability (CVE-2025-XXXX) has been patched in CoreDNS’s DNS-over-QUIC (DoQ) server implementation. The flaw allows remote attackers to crash instances by exploiting uncontrolled goroutine creation in QUIC stream handling, leading to memory exhaustion. This issue is particularly severe in containerized deployments...

New Secure Boot Vulnerability Allows Attackers to Install Malware in PC and Server Boot Processes

Security researchers from Binarly have uncovered a major software vulnerability in the Unified Extensible Firmware Interface (UEFI) ecosystem, specifically impacting the Secure Boot mechanism used by almost all modern PCs and servers. Dubbed CVE-2025-3052 (BRLY-2025-001), this memory corruption flaw enables attackers to execute unsigned code...

Insyde UEFI Application Vulnerability Enables Digital Certificate Injection Through NVRAM Variable

A critical vulnerability in Insyde H2O UEFI firmware (tracked as CVE-2025-XXXX) allows attackers to bypass Secure Boot protections by injecting malicious digital certificates via an unprotected NVRAM variable. This flaw exposes millions of devices to pre-boot malware and kernel-level rootkits that evade traditional security...

Outlook Vulnerability Allows Remote Execution of Arbitrary Code by Attackers

On June 10, 2025, Microsoft confirmed a critical security vulnerability (CVE-2025-47176) in Microsoft Office Outlook, enabling attackers to execute arbitrary code. Despite the “Remote Code Execution” title, the attack vector is local, requiring attackers to run code from a user’s own machine. However, the...