CISA KEV Catalog Update Part VII – March 2025

CISA KEV Catalog Update Part VII – March 2025

CISA's add vulnerabilities related to Sitecore CMS and Reviewdog GitHub Actions to its Known Exploited Vulnerabilities (KEV) catalog 1. Sitecore CMS Vulnerabilities CISA has identified critical vulnerabilities in the widely-used…
Google Chrome was affected by CVE-2025-2783

Google Chrome was affected by CVE-2025-2783

CVE-2025-2783 is a zero-day vulnerability affecting Google Chrome, uncovered in a targeted cyber-espionage campaign known as Operation ForumTroll. This critical flaw has allowed attackers to bypass Chrome's robust sandbox protections…
CVE-2025-21377 NTLM Flaw Detailed out

CVE-2025-21377 NTLM Flaw Detailed out

CVE-2025-21377 is a security vulnerability in Microsoft Windows that stems from weaknesses in the implementation of the NTLM (NT LAN Manager) authentication protocol. This vulnerability exposes critical weaknesses in the…
VanHelsing RaaS Dissection

VanHelsing RaaS Dissection

VanHelsing Ransomware-as-a-Service (RaaS) is an emerging cybercriminal operation launched on March 7, 2025, that epitomizes the evolving landscape of ransomware threats. This service enables both seasoned and novice cybercriminals to…
CVE-2025-22230 impacts VMware Tools

CVE-2025-22230 impacts VMware Tools

CVE-2025-22230 is a high-severity vulnerability discovered in VMware Tools for Windows, a set of utilities designed to optimize the performance and management of virtual machines (VMs) in VMware environments. This…
IngressNightmare with Kubernetes Cluster

IngressNightmare with Kubernetes Cluster

IngressNightmare refers to a group of critical vulnerabilities discovered in the Ingress NGINX Controller, a widely used tool for managing HTTP/HTTPS traffic in Kubernetes clusters. Kubernetes, as an orchestration platform…
CVE-2025-29927 impacts Next.Js

CVE-2025-29927 impacts Next.Js

CVE-2025-29927 is a critical vulnerability identified in the Next.js framework, which is widely utilized by developers to build modern web applications using React. This vulnerability is associated with the misuse…
Oracle Denies Data Breach Claims

Oracle Denies Data Breach Claims

The Oracle data breach claim has been a topic of significant discussion, following allegations that a hacker infiltrated Oracle Cloud systems, purportedly exposing sensitive data. The incident has drawn attention…