Cisco has released a critical security advisory addressing a serious vulnerability in its Secure Firewall Management Center (FMC) Software. This vulnerability, tracked as CVE-2025-20265 and with a CVSS severity score of 10, could allow remote, unauthenticated code execution whenever FMC is configured to use RADIUS for administrator logins. According to Cisco’s advisory, a slip-up in

Continue Reading

The NIST (National Institute of Standards and Technology) has just taken an important step to help organizations manage these risks with the release of a concept paper and action plan for “Control Overlays for Securing AI Systems.” Artificial intelligence (AI) is rapidly reshaping our world, powering everything from smart assistants to advanced cybersecurity tools. But

Continue Reading

Zoom has recently announced a security vulnerability affecting some of its Windows applications. The issue involves an untrusted search path in certain Zoom Windows versions. This could potentially allow a hacker to bypass authentication and escalate their privileges on a affected system through network access. In practical terms, this could lead to unauthorized actions or

Continue Reading

Cybersecurity experts have identified a potential new risk that could undermine the security benefits of FIDO passkeys, which are increasingly adopted as a robust defense against credential phishing and account takeover attacks. While FIDO standards are designed to provide phishing-resistant, passwordless authentication, recent research indicates that malicious actors may develop techniques to trick users into

Continue Reading

SAP, a leading provider of enterprise resource planning (ERP) solutions, has recently released its latest security updates during its August Patch Tuesday or Security Patch Day. Fixes are included for several critical vulnerabilities that organizations using SAP products should address promptly. SAP released a total of 15 new security notes, along with four updates to

Continue Reading

Xerox Corporation has issued an urgent security advisory regarding critical vulnerabilities in its FreeFlow Core software version 8.0.4. These flaws could allow malicious actors to perform server-side request forgery (SSRF) attacks and execute remote code on affected systems, posing a significant threat to organizations relying on this software. The issues affect FreeFlow Core version 8.0.4

Continue Reading

Cybersecurity researchers from Eclypsium in recent analysis have uncovered a serious vulnerability affecting certain Lenovo webcams that run on Linux-based firmware. This flaw allows an attacker with remote access to reflash the device’s firmware, turning it into a covert attack tool capable of injecting keystrokes or establishing persistent backdoors — all without physical access. The

Continue Reading