Category: Cybersecurity News
-
Critical Sudo Vulnerability in Linux Systems Enables Privilege Escalation via chroot Feature
The Stratascale Cyber Research Unit has recently identified a significant security flaw in the Linux sudo utility, described in a security report on their website. This vulnerability, tracked as CVE-2025-32463, allows unprivileged users to escalate their privileges to root by exploiting the chroot feature (used to restrict a process’s view of the filesystem) even if no sudo rules
-
Security Update for ModSecurity XML Parsing Vulnerability
Recently, a security vulnerability was identified in ModSecurity, a popular web application firewall by OWASP (Open Web Application Security Project) used to protect websites and applications. The issue involves how ModSecurity handles empty XML tags when the xml to arguments feature is enabled, potentially causing a segmentation fault that could disrupt service. In ModSecurity versions
-
Cisco Issues Critical Security Updates for Unified Communications Manager
In a recent security advisory, Cisco has released an update patching a serious vulnerability affecting its Unified Communications Manager (UCM) platform. The issue centers around static SSH credentials embedded within certain versions of Cisco UCM and Session Management Edition (SME). These default root account credentials are meant solely for development purposes and can’t be modified
-
Security Flaw in WordPress Forminator Plugin Affects Over 600k WordPress Sites
A serious security flaw allows attackers to delete arbitrary files on affected sites, including critical configuration files. According to the WordPress plugin directory, it is active on over 600,000 WordPress websites. WordPress security plugin Wordfence recently identified a high-severity vulnerability in the widely-used Forminator plugin affecting versions ≤ 1.44.2. This flaw enables unauthenticated attackers to
-
Google Chrome Update Fixes Vulnerability in V8 JavaScript Engine
On June 30, 2025, Google rolled out a new update for Chrome across all major desktop platforms—Windows, Mac, and Linux. The latest version updates are being gradually distributed to users over the coming days and weeks. This update includes a range of improvements and, most importantly, addresses a significant security vulnerability. The primary update of
-
Security Flaws Found in Bluetooth Chip Used by Top Headphone Manufacturers
A major Bluetooth security issue has come to light, and it could affect millions of users of popular wireless headphones and earbuds — including models from Sony, Bose, JBL, Marshall, and others. Cybersecurity firm ERNW recently uncovered multiple vulnerabilities in Bluetooth chips made by Airoha, a major supplier used in True Wireless Stereo (TWS) devices.
-
Fake CapCut Emails Target Apple Users to Steal Login & Payment Info
As CapCut continues to grow in popularity as a short-form video editing app, cybercriminals are exploiting its name to carry out sophisticated phishing scams. Recently, Cofense, a security software solutions company, identified a campaign where attackers send convincing fake invoices that appear to be from CapCut to steal login and payment information. Cybersecurity researchers
-
Fixes Released for Vulnerabilities in Brother Devices
Recent research by cybersecurity company Rapid7 has uncovered several serious security vulnerabilities affecting a wide range of Brother multifunction printers (MFPs) and other devices. These issues could potentially allow malicious actors to access sensitive information, take control of devices, or disrupt their operation. Over the past year, Rapid7, in collaboration with Brother and other vendors,
