The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two high-severity Android Framework vulnerabilities to its Known Exploited Vulnerabilities catalog on December 2, 2025, signaling active exploitation in the wild.
CVE-2025-48572 enables local elevation of privilege, while CVE-2025-48633 allows information disclosure, both affecting core...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-13223, a high-severity type confusion vulnerability in Google Chromium's V8 JavaScript engine, to its Known Exploited Vulnerabilities (KEV) catalog.
This zero-day flaw allows remote attackers to trigger heap corruption via specially crafted HTML pages,...
In a chilling revelation from Amazon's threat intelligence team, sophisticated hackers are weaponizing undisclosed zero-day flaws in critical enterprise tools from Cisco and Citrix.
Dubbed as part of an ongoing campaign, these attackers are targeting identity and access management systems, the digital gatekeepers that...
The vulnerability stems from an out-of-bounds write flaw in the libimagecodec.quram.so library, a core component for image processing on Samsung Android devices running versions 13 and later.
Classified under CWE-787, it allows attackers to corrupt memory and execute arbitrary code by sending specially crafted...
Mandiant Threat Defense has uncovered exploitation of an unauthenticated access vulnerability within Gladinet's Triofox file-sharing and remote access platform.
This now-patched n-day vulnerability, assigned CVE-2025-12480, allowed an attacker to bypass authentication and access the application configuration pages, enabling the upload and execution of arbitrary...