A severe remote code execution (RCE) vulnerability affects certain Calix networking devices, allowing attackers to gain complete system control without authentication. The flaw impacts legacy devices running vulnerable CWMP (CPE WAN Management Protocol) services on TCP port 6998. The critical…
Tag: Cyber Security News
Sensata Technologies Hacked – Ransomware Attack Disrupts Operations
A sophisticated ransomware attack has struck Sensata Technologies, causing significant operational disruptions across the company’s global network. The industrial technology firm, which develops sensor-rich solutions and electrical protection systems for automotive, aerospace, and industrial applications, confirmed the cybersecurity incident occurred…
WordPress Plugin Vulnerability Exposes Sites to Critical File Inclusion Attacks
A severe security vulnerability has been discovered in the popular InstaWP Connect WordPress plugin, potentially exposing thousands of websites to remote attacks. Security researchers at Wordfence identified and reported the critical flaw (CVE-2025-2636), which allows unauthenticated attackers to execute arbitrary…
Microsoft Enhances Exchange & SharePoint Server Security With New Windows Antimalware Scan
Microsoft has announced a significant security upgrade for Exchange Server and SharePoint Server through integration with the Windows Antimalware Scan Interface (AMSI), providing critical protection for these business-critical systems that are frequent targets for cyberattacks. Exchange Server and SharePoint Server…
Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed
A detailed technical analysis has been published regarding CVE-2025-22457, an unauthenticated remote code execution (RCE) vulnerability impacting several Ivanti products. The vulnerability was recently exploited in the wild by a suspected China-nexus threat actor, affecting Ivanti Connect Secure, Pulse Connect…
Jenkins Docker Images Vulnerability Let Attackers Insert Themselves in Network Path
A critical security flaw in widely used Jenkins Docker images has been discovered, potentially compromising build pipelines across thousands of organizations. The vulnerability, disclosed in a Jenkins Security Advisory on April 10, 2025, affects SSH host key handling in certain…
AMD CPU Signature Verification Vulnerability Let Attackers Load Malicious Microcode
AMD has disclosed a significant security vulnerability that could allow attackers with administrative privileges to load unauthorized microcode patches into the company’s processors. Identified as CVE-2024-36347 with a CVSS score of 6.4 (Medium), this flaw affects a wide range of…
Windows Defender Antivirus Bypassed Using Direct Syscalls & XOR Encryption
A new sophisticated method to bypass Microsoft’s Windows Defender antivirus protection by combining direct syscalls with XOR encryption techniques. The research, published this week, reveals critical vulnerabilities in one of the most widely deployed security solutions that ships with every…
Microsoft Issues Urgent Patch to Resolve Office Update Crashes
Microsoft has issued an emergency patch addressing widespread crashes in Office 2016 applications following a problematic update. The fix, identified as KB5002623 and released on April 10, 2025, resolves critical issues that caused Microsoft Word, Excel, and Outlook to stop…
iOS 18.4 Update Introduces Critical Bug in Dynamic Symbol Resolution
Apple’s latest iOS 18.4 update has introduced a significant bug affecting dynamic symbol resolution on devices supporting Pointer Authentication Code (PAC). This issue, first observed by Fabien Perigaud, a noted reverse-engineering expert, has implications for applications relying on dynamic library…