CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately. […]
Cloudflare R2 service outage caused by password rotation error
Cloudflare has announced that its R2 object storage and dependent services experienced an outage lasting 1 hour and 7 minutes, causing 100% write and 35% read failures globally. […]
Broadcom warns of authentication bypass in VMware Windows Tools
Broadcom released security updates today to fix a high-severity authentication bypass vulnerability in VMware Tools for Windows. […]
New Windows zero-day leaks NTLM hashes, gets unofficial patch
Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer. […]
EncryptHub linked to zero-day attacks targeting Windows systems
A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month. […]
Browser-in-the-Browser attacks target CS2 players’ Steam accounts
A new phishing campaign targets Counter-Strike 2 players utilizing Browser-in-the-Browser (BitB) attacks that display a realistic window that mimics Steam’s login page. […]
Vulnerability Exploitation Possibly Behind Widespread DrayTek Router Reboots
DrayTek routers around the world are rebooting and the vendor’s statement suggests that it may involve the exploitation of a vulnerability.
The post Vulnerability Exploitation Possibly Behind Widespread DrayTek Router Reboots appeared first on SecurityWeek.
VMware Patches Authentication Bypass Flaw in Windows Tools Suite
The authentication bypass vulnerability, tagged as CVE-2025-22230, carries a CVSS severity score of 7.8/10.
The post VMware Patches Authentication Bypass Flaw in Windows Tools Suite appeared first on SecurityWeek.
Microsoft Adds AI Agents to Security Copilot
Microsoft has expanded the capabilities of Security Copilot with AI agents tackling data security, phishing, and identity management.
The post Microsoft Adds AI Agents to Security Copilot appeared first on SecurityWeek.
New Android malware uses Microsoft’s .NET MAUI to evade detection
New Android malware campaigns use Microsoft’s cross-platform framework .NET MAUI while disguising as legitimate services to evade detection. […]