Researchers at RCE Security have identified a severe security flaw affecting WingFTP, a popular cross-platform FTP server software. This vulnerability, designated as CVE-2025-47812, has been assigned a maximum CVSS score of 10, indicating its high severity. Successful exploitation could allow remote attackers to execute arbitrary code on affected systems, potentially leading to full system compromise.…

Continue Reading

The Stratascale Cyber Research Unit has recently identified a significant security flaw in the Linux sudo utility on a security report on their website. This vulnerability, tracked as CVE-2025-32463, allows unprivileged users to escalate their privileges to root by exploiting the chroot feature—used to restrict a process’s view of the filesystem—even if no sudo rules…

Continue Reading

Recently, a security vulnerability was identified in ModSecurity, a popular web application firewall by OWASP (Open Web Application Security Project) used to protect websites and applications. The issue involves how ModSecurity handles empty XML tags when the xml to arguments feature is enabled, potentially causing a segmentation fault that could disrupt service. In ModSecurity versions…

Continue Reading

In a recent security advisory, Cisco has released an update patching a serious vulnerability affecting its Unified Communications Manager (UCM) platform. The issue centers around static SSH credentials embedded within certain versions of Cisco UCM and Session Management Edition (SME). These default root account credentials are meant solely for development purposes and can’t be modified…

Continue Reading

A serious security flaw allows attackers to delete arbitrary files on affected sites, including critical configuration files. According to the WordPress plugin directory, it is active on over 600,000 WordPress websites. WordPress security plugin Wordfence recently identified a high-severity vulnerability in the widely-used Forminator plugin affecting versions ≤ 1.44.2. This flaw enables unauthenticated attackers to…

Continue Reading

On June 30, 2025, Google rolled out a new update for Chrome across all major desktop platforms—Windows, Mac, and Linux. The latest version updates are being gradually distributed to users over the coming days and weeks. This update includes a range of improvements and, most importantly, addresses a significant security vulnerability. The primary update of…

Continue Reading

A major Bluetooth security issue has come to light, and it could affect millions of users of popular wireless headphones and earbuds — including models from Sony, Bose, JBL, Marshall, and others. Cybersecurity firm ERNW recently uncovered multiple vulnerabilities in Bluetooth chips made by Airoha, a major supplier used in True Wireless Stereo (TWS) devices.…

Continue Reading