Security teams using Apache Syncope face a new risk. A flaw in this open-source identity management tool allows attackers to steal user passwords from its internal database.
Tracked as CVE-2025-65998, the issue has "Important" severity. Researchers urge quick upgrades to block password theft.
Apache Syncope...
A flaw in Microsoft's Update Health Tools exposed Windows devices to remote code execution by exploiting abandoned Azure Blob Storage accounts.
This tool, detailed in KB4023057, helps enterprises deploy updates faster via Intune. However, it also supports trusted unverified JSON configs from hijackable storage....
HashiCorp has disclosed a security flaw in its Vault Terraform Provider that allows attackers to bypass valid credentials and log in to Vault via LDAP authentication.
Tracked as CVE-2025-13357 and bulletin HCSEC-2025-33, the issue stems from incorrect default settings and affects users managing Vault...
NVIDIA has patched serious security flaws in its Isaac-GR00T platform, a key tool for building AI-powered humanoid robots.
Released on November 18, 2025, the update fixes two high-severity vulnerabilities that could let attackers inject malicious code.
These issues affect the platform's Python components and...
Security researchers released a proof-of-concept exploit for CVE-2025-9501, a critical unauthenticated remote code execution flaw in the W3 Total Cache WordPress plugin.
This vulnerability affects over 1 million sites and allows attackers to run arbitrary PHP code via simple comments.
Vulnerability Breakdown
The flaw affects versions...
Remote attackers can seize complete control of popular Tenda routers through serious command injection flaws, security researchers warn.
Affecting the Tenda N300 series and Tenda 4G03 Pro portable 4G LTE devices, these vulnerabilities let authenticated users run any command as the powerful "root" superuser....