CVSS score – Threat Note

From Security Week – 8,000 New WordPress Vulnerabilities Reported in 2024

[[{"value":"Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes. The post 8,000 New WordPress Vulnerabilities Reported in 2024 appeared first on…

shaikh Saqib March 17, 2025

News

From Dark Reading – 3 VMware Zero-Day Bugs Allow Sandbox Escape

The now-patched bugs are under active exploit and enable attackers to carry out a wide range of malicious activities, including escaping a virtual machine and gaining access to the underlying…

shaikh Saqib March 5, 2025

News

From The Hacker News – VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches

Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure. The list of vulnerabilities is as follows - CVE-2025-22224 (CVSS score: 9.3) - A Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write, which a malicious actor with

shaikh Saqib March 4, 2025

News

From Cyber Security News – Cisco Nexus Vulnerability Let Attackers Inject Malicious Commands

Cisco Systems has issued a critical security advisory addressing a command injection vulnerability in its Nexus 3000 and 9000 Series Switches operating in standalone NX-OS mode. Designated as CVE-2025-20161, the…

shaikh Saqib February 27, 2025

News

From The Hacker News – Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites

A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale. Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign – dubbed 360XSS – affected over 350 websites,

shaikh Saqib February 26, 2025

News

From Cyber Security News – Fluent Bit 0-day Vulnerabilities Exposes Billions of Production Environments to Cyber Attacks

Researchers uncovered critical zero-day vulnerabilities in Fluent Bit, a ubiquitous logging utility embedded in cloud infrastructure across major providers like AWS, Google Cloud, and Microsoft Azure. The flaws tracked as…

shaikh Saqib February 24, 2025

News

From Cyber Security News – IDOR Vulnerability in ExHub Let Attacker Modify Web Hosting Configuration

A critical Insecure Direct Object Reference (IDOR) vulnerability was recently discovered in ExHub, a cloud-based platform for hulia-based development. This flaw allowed attackers to modify web hosting configurations of any…

shaikh Saqib February 17, 2025