Latest Security News
Security Updates
Latest security news and articles covering recent vulnerabilities and their impacts.
CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage
2025-06-18 14:01
Offsec.com
1 CVE
CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system.
Watch out, Veeam fixed a new critical bug in Backup & Replication product
2025-06-18 13:33
Securityaffairs.com
1 CVE
Veeam addressed a new critical flaw in its Backup & Replication product that could potentially result in remote code execution. Veeam has rolled out security patches to address a critical security vulnerability, tracked as CVE-2025-23121 (CVSS score of 9.9), in its B…
Flodrix botnet targets vulnerable Langflow servers
2025-06-18 10:43
Securityaffairs.com
1 CVE
Attackers exploit CVE-2025-3248 in Langflow servers to deliver Flodrix botnet via downloader scripts, Trend Research reports. Trend Research uncovered an ongoing campaign exploiting the vulnerability CVE-2025-3248 to deliver the Flodrix botnet. Attackers expl…
Alarming ASUS Armoury Crate Vulnerability Can Give Hackers Admin Access
2025-06-18 10:31
Hot Hardware
1 CVE
Security researchers have revealed that the ASUS Armoury Crate software has a serious vulnerability (tracked as CVE-2025-3464) that could allow hackers to gain admin access to computers. The ASUS Armoury Crate software was designed to help users control and …
Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication
2025-06-18 05:49
Internet
1 CVE
Veeam has rolled out patches to contain a critical security flaw impacting its Backup & Replication software that could result in remote code execution under certain conditions. The security defect, tracked as CVE-2025-23121, carries a CVSS score of 9.9 out o…
"Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
2025-06-18 03:07
Seclists.org
2 CVEs
Posted by josephgoyd via Fulldisclosure on Jun 17: "Glass Cage" – Sophisticated Zero-Click iMessage Exploit Chain Enabling Persistent iOS Compromise and Device Bricking. CVE-2025-24085, CVE-2025-24201 (CNVD-2025-07885). Author: Joseph Goydish II. Date: 06/10/2025 …
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor
2025-06-17 19:16
Internet
1 CVE
A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper. The attack, observed in mid-March 2025 by Positive Technologies, involved the use of a sandbox escape vulnerabil…
CISA Adds One Known Exploited Vulnerability to Catalog
2025-06-17 12:00
Cisa.gov
1 CVE
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2023-0386, Linux Kernel Improper Ownership Management Vulnerability. These types of vulnerabili…
Attackers target Zyxel RCE vulnerability CVE-2023-28771
2025-06-17 10:34
Securityaffairs.com
1 CVE
GreyNoise researchers have observed exploit attempts targeting the remote code execution vulnerability CVE-2023-28771 in Zyxel devices. On June 16, GreyNoise researchers detected exploit attempts targeting CVE-2023-28771 (CVSS score 9.8), a remote code execut…
TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert
2025-06-17 08:12
Internet
1 CVE
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in ques…
CISA Adds Two Known Exploited Vulnerabilities to Catalog
2025-06-16 12:00
Cisa.gov
2 CVEs
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2025-43200, Apple Multiple Products Unspecified Vulnerability; CVE-2023-33538, TP-Link Multiple Route…
Apple Products Security Restriction Bypass Vulnerability
2025-06-16 01:00
Hkcert.org
1 CVE
A vulnerability was identified in Apple Products. A remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system. Note: For CVE-2025-43200, a logic issue existed when processing a maliciously crafted phot…
Week in review: Microsoft fixes exploited zero-day, Mirai botnets target unpatched Wazuh servers
2025-06-15 08:00
Help Net Security
1 CVE
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053) For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including a zero-day exploi…
sslh: Remote Denial-of-Service Vulnerabilities (CVE-2025-46807, CVE-2025-46806)
2025-06-13 14:32
Seclists.org
2 CVEs
Posted by Matthias Gerstner on Jun 13: Hello list, this is a review report about remote Denial-of-Service vulnerabilities in sslh. We also offer a rendered HTML version of this report on our blog [1]. Please find the full details below. 1) Introduction ======…
iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200)
2025-06-13 12:06
Help Net Security
1 CVE
A zero-click attack leveraging a freshly disclosed Messages vulnerability (CVE-2025-43200) has infected the iPhones of two European journalists with Paragon’s Graphite mercenary spyware, Citizen Lab researchers have revealed on Thursday. The attacks happened …
Apple confirmed that Messages app flaw was actively exploited in the wild
2025-06-13 10:15
Securityaffairs.com
1 CVE
Apple confirmed that a security flaw in its Messages app was actively exploited in the wild to target journalists with Paragon’s Graphite spyware. Apple confirmed that a now-patched vulnerability, tracked as CVE-2025-43200, in its Messages app was actively ex…
Security advisory: Recently discovered Use After Free issue in QHttp2ProtocolHandler impacts Qt
2025-06-13 09:00
Www.qt.io
1 CVE
There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This has been assigned the CVE id CVE-2025-5991.
Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
2025-06-13 07:03
Internet
1 CVE
Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 202…
PostgreSQL JDBC 42.7.7 Security update for CVE-2025-49146
2025-06-13 00:00
Postgresql.org
1 CVE
The PostgreSQL JDBC team has released version 42.7.7 to address CVE-2025-49146. When the PostgreSQL JDBC driver is configured with channel binding set to required (the default value is prefer), the driver would incorrectly allow connections to proceed with authe…
CVE-2025-6031 - Insecure device pairing in end-of-life Amazon Cloud Cam
2025-06-12 17:29
Amazon.com
1 CVE
Scope: Amazon. Content Type: Informational. Publication Date: 2025/06/12 10:30 AM PDT. Description: Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. When a user powers on t…