Zscaler ThreatLabz uncovered CVE-2025-50165 in May 2025, a critical remote code execution flaw in the Windows Graphics Component with a CVSS score of 9.8.
This untrusted-pointer dereference in windowscodecs.dll affects apps like Microsoft Office that process images, enabling attackers to trigger it via a...
In the world of cybersecurity, overlooked Windows scheduled tasks often become easy targets for attackers seeking to escalate privileges.
TaskHound, a new open-source tool from security researcher 0xr0BIT, simplifies the hunt for these vulnerabilities by enumerating tasks over SMB connections, parsing their XML definitions,...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability in the Microsoft Windows Kernel to its Known Exploited Vulnerabilities (KEV) catalog, highlighting active exploitation in the wild.
Tracked as CVE-2025-62215, this race condition allows local attackers with low privileges...
Elastic Security has issued a critical update addressing a high-severity vulnerability in its Elastic Defend endpoint protection software for Windows, which could enable attackers to delete arbitrary system files and potentially escalate privileges to the highest level.
Tracked as CVE-2025-37735 under Elastic Security Advisory...
Designed to optimize network performance in large organizations, have emerged as a overlooked vector for domain compromise.
Security researchers at Synacktiv recently highlighted how attackers can exploit access control lists (ACLs) on site objects to escalate privileges and infiltrate entire domains.
This technique, detailed...
NVIDIA has addressed a critical flaw in its NVIDIA App software for Windows, which could allow local attackers to execute malicious code and escalate privileges.
Disclosed as CVE-2025-23358, the vulnerability stems from a search path element issue in the app's installer, classified under CWE-427....