Mozilla Releases Security Updates for Firefox

Mozilla has released security updates to address one critical vulnerability in Firefox and Firefox ESR. Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in Firefox’s Inter-process Communication (IPC) code. A compromised child process could Read More …

Google Releases Security Updates for Chrome

Google has released Chrome version 134.0.6998.177/.178 to address a high severity vulnerability, reported as exploited in the wild. A remote attacker could exploit this vulnerability to escape a sandbox via a malicious file. Google is aware that an exploit for Read More …

Security Update Released for CrushFTP

  A vulnerability has been disclosed in CrushFTP, a file server supporting standard secure file transfer protocols, after being discovered by a security researcher. The vulnerability designated as CVE-2025-2825 is a critical ‘improper authentication’ vulnerability with a CVSSv3 score of Read More …

Critical Strapi Vulnerability Allows RCE via Server-Side Template Injection

SonicWall Capture Labs threat research team became aware of the threat CVE-2023-22621, assessed its impact and developed mitigation measures for this vulnerability. CVE-2023-22621 is a high-severity vulnerability affecting Strapi versions 3.0.0 through 4.5.5. The flaw permits authenticated Server-Side Template Injection Read More …

Security Updates Released for Ingress NGINX Controller for Kubernetes

Five vulnerabilities have been discovered within the Ingress NGINX Controller for Kubernetes. NGINX Ingress Controller is a tool used in Kubernetes environments to manage and route external traffic to services within the cluster. Ingress Controller acts as a reverse proxy Read More …

Broadcom Releases Security Advisory for VMware Tools for Windows

Broadcom has released a security advisory addressing a high severity vulnerability in VMware Tools for Windows. VMware Tools is a suite of utilities that enhances the performance of VMware virtual machines and provides extra functionality. CVE-2025-22230 is an authentication bypass Read More …

Notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP

Rapid7 is warning customers of notable vulnerabilities in Next.js, a React framework for building web applications, and CrushFTP, a file transfer technology that has previously been targeted by adversaries. CVE-2025-29927 is a critical improper authorization vulnerability in Next.js middleware that Read More …

Oracle Cloud says it’s not true someone broke into its login servers and stole data

Oracle has straight up denied claims by a miscreant that its public cloud offering has been compromised and information stolen. A crook late last week advertised on an online cyber-crime forum what was alleged to be Oracle Cloud customer security Read More …

Russian zero-day seller is offering up to $4 million for Telegram exploits

Operation Zero, a company that acquires and sells zero-days exclusively to the Russian government and local Russian companies, announced on Thursday that it’s looking for exploits for the popular messaging app Telegram, and is willing to offer up to $4 Read More …

Critical Veeam Backup & Replication CVE-2025-23120

On Wednesday, March 19, 2025, backup and recovery software provider Veeam published a security advisory for a critical remote code execution vulnerability tracked as CVE-2025-23120. The vulnerability affects Backup & Replication systems that are domain joined. Veeam explicitly mentions that Read More …