Researchers are warning about the risks posed by a low-cost device that can give insiders and hackers unusually broad powers in compromising networks. The devices, which typically sell for $30 to $100, are known as IP KVMs. Administrators often use them to remotely access machines on networks. The devices, not much bigger than a deck ..
Tag : Vulnerabilities
Coruna is also notable for its use by three distinct hacking groups. Google first detected its use in February of last year in an operation conducted by a “customer of a surveillance vendor.” The vulnerability exploited, tracked as CVE-2025-23222, had been patched 13 months earlier. In July 2025, a “suspected Russian espionage group” exploited CVE-2023-43000 ..
The flaw is tracked as CVE-2025-54957 and its existence came to light in October 2025 after it was discovered by Google researchers. The post Critical Dolby Vulnerability Patched in Android appeared first on SecurityWeek. https://www.securityweek.com/critical-dolby-vulnerability-patched-i..
AISLE has emerged from stealth with a new AI-based cyber reasoning system (CRS). The term CRS originates from DARPA’s Cyber Grand Challenge, held in 2016 and designed for research into systems able to detect, exploit, and patch software vulnerabilities in real time. Since that Challenge, AI-driven software has become mainstream, and AISLE’s new CRS is ..
Trend Micro’s Zero Day Initiative (ZDI) this week published 13 advisories describing unpatched vulnerabilities in Ivanti Endpoint Manager. One of the flaws allows local attackers to elevate their privileges and was reported to Ivanti in November 2024. The remaining 12 lead to remote code execution (RCE) and were reported in June 2025. While the vulnerabilities ..
Apple on Friday announced significant updates to its bug bounty program and the company is now offering up to $2 million for complex exploit chains. Since the launch of its public bug bounty program in 2020, Apple has awarded a total of more than $35 million to over 800 security researchers. Multiple hackers earned $500,000 ..
A high-severity vulnerability in the popular gaming and application editor Unity can allow attackers to load arbitrary libraries and achieve code execution. Tracked as CVE-2025-59489 (CVSS score of 8.4), the security defect resides in command-line arguments through which Unity could load and execute arbitrary code. According to security engineer RyotaK from GMO Flatt Security, the ..
The recent data theft and extortion campaign targeting Oracle E-Business Suite customers has been confirmed to be the work of the notorious Cl0p ransomware group, and Oracle has admitted that the hackers have exploited a zero-day vulnerability. The attacks targeting Oracle E-Business Suite (EBS) customers came to light last week, when Google Threat Intelligence Group ..
DrayTek on Thursday announced patches for an unauthenticated remote code execution (RCE) vulnerability affecting DrayOS routers. Tracked as CVE-2025-10547, the issue can be exploited via crafted HTTP or HTTPS requests sent to a vulnerable device’s web user interface. Successful exploitation of the bug, DrayTek explains in its advisory, may result in memory corruption and a ..
The US cybersecurity agency CISA on Thursday warned that a Meteobridge vulnerability patched in May has been exploited in attacks and added the flaw to its Known Exploited Vulnerabilities (KEV) catalog. Meteobridge is a device that allows administrators to connect their weather stations to public weather networks. Station data collection and system management functionality is ..