Zeljka Zorz
Google patches actively exploited Chrome zero-day (CVE‑2025‑6554)
Google has released a security update for Chrome to address a zero‑day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. …
CitrixBleed 2 might be actively exploited (CVE-2025-5777)
While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t …
Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)
A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable …
Windows 10: How to get security updates for free until 2026
Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates, can enroll into the Windows 10 Extended Security Updates …
Trojanized SonicWall NetExtender app exfiltrates VPN credentials
Unknown attackers have trojanized SonicWall’s SSL-VPN NetExtender application, the company has warned on Monday, and have been tricking users into downloading it from a …
High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218)
A recently patched directory traversal vulnerability (CVE-2025-6218) in WinRAR could be leveraged by remote attackers to execute arbitrary code on affected installations. The …
Microsoft will start removing legacy drivers from Windows Update
Microsoft will start removing legacy drivers from Windows Update to improve driver quality for Windows users but, most importantly, to increase security, the company has …
CoinMarketCap, Cointelegraph compromised to serve pop-ups to drain crypto wallets
The CoinMarketCap and CoinTelegraph websites have been compromised over the weekend to serve clever phishing pop-ups to visitors, asking them to verify/connect their crypto …
Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777)
Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway reminiscent of the infamous and widely exploited CitrixBleed flaw. The …
Microsoft boosts default security of Windows 365 Cloud PCs
Windows 365 Cloud PCs now come with new default settings aimed at preventing / minimizing data exfiltration and malicious exploits, Microsoft has announced. Windows 365 Cloud …
AWS launches new cloud security features
Amazon Web Services has announced new and improved security features at its annual AWS re:Inforce cloud security conference. The company has also introduced features aimed at …
Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019)
Qualys researchers have unearthed two local privilege escalation vulnerabilities (CVE-2025-6018, CVE-2025-6019) that can be exploited in tandem to achieve root access on most …
Featured news
Resources
Don't miss
- Faster LLM tool routing comes with new security considerations
- Your wearable knows your heartbeat, but who else does?
- How Lazarus Group used fake job ads to spy on Europe’s drone and defense sector
- Attackers target retailers’ gift card systems using cloud-only techniques
- Attackers turn trusted OAuth apps into cloud backdoors