Tag Archives: Vulnerability

WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. The company says this zero-click flaw (tracked as CVE-2025-55177) affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78. “Incomplete authorization of linked device synchronization messages in WhatsApp [..] could have allowed …

The maker of Passwordstate, an enterprise-grade password manager for storing companies’ most privileged credentials, is urging them to promptly install an update fixing a high-severity vulnerability that hackers can exploit to gain administrative access to their vaults. The authentication bypass allows hackers to create a URL that accesses an emergency access page for Passwordstate. From there, an attacker could pivot …

ESET researchers have discovered a previously unknown vulnerability in WinRAR, being exploited in the wild by Russia-aligned group RomCom. This is at least the third time that RomCom has been caught exploiting a significant zero-day vulnerability in the wild. Previous examples include the abuse of CVE-2023-36884 via Microsoft Word in June 2023, and the combined vulnerabilities assigned CVE‑2024‑9680 chained with …

This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 25-02: Mitigate Microsoft Exchange Vulnerability. Section 3553(h) of title 44, U.S. Code, authorizes the Secretary of Homeland Security, in response to a known or reasonably suspected information security threat, vulnerability, or incident that represents a substantial threat to the information security of an agency, to …

Note: This Alert may be updated to reflect new guidance issued by CISA or other parties.  CISA is aware of the newly disclosed high-severity vulnerability, CVE-2025-53786, that allows a cyber threat actor with administrative access to an on-premise Microsoft Exchange server to escalate privileges by exploiting vulnerable hybrid-joined configurations. This vulnerability, if not addressed, could impact the identity integrity of an …

Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval  The Hacker News Several Vulnerabilities Patched in AI Code Editor Cursor  SecurityWeek RCE Flaw in AI-Assisted Coding Tool Poses Software Supply Chain Risk  Dark Reading AI-powered Cursor IDE vulnerable to prompt-injection attacks  BleepingComputer Cursor IDE’s MCP Vulnerability  Check Point Software Source link

NEW YORK (AP) — Microsoft has issued an emergency fix to close off a vulnerability in Microsoft’s widely-used SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some U.S. government agencies. The company issued an alert to customers Saturday saying it was aware of the zero-day exploit being used to conduct attacks and …

CISA is aware of active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized access to on-premise SharePoint servers. While the scope and impact continue to be assessed, the new Common Vulnerabilities and Exposures (CVE), CVE-2025-53770, is a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations. This exploitation activity, publicly reported as “ToolShell,” provides unauthenticated access to …

Security researchers have uncovered a significant vulnerability in Google Gemini for Workspace that enables threat actors to embed hidden malicious instructions within emails. The attack exploits the AI assistant’s “Summarize this email” feature to display fabricated security warnings that appear to originate from Google itself, potentially leading to credential theft and social engineering attacks. Key Takeaways1. Attackers hide malicious instructions …