Latest Security News
Security Updates
Latest security news and articles covering recent vulnerabilities and their impacts.
Canary Exploit tool allows to find servers affected by Apache Parquet flaw
2025-05-07 14:08
Securityaffairs.com
1 CVE
F5 Labs researchers released a PoC tool to find servers vulnerable to the Apache Parquet vulnerability CVE-2025-30065. A working proof-of-concept exploit for the critical Apache Parquet vulnerability CVE-2025-30065 has been released by F5 Labs, allowing the i…
CISA Adds Two Known Exploited Vulnerabilities to Catalog
2025-05-07 12:00
Cisa.gov
2 CVEs
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-6047 GeoVision Devices OS Command Injection Vulnerability CVE-2024-11120 GeoVision Devices OS Command I…
Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited, Warns CISA
2025-05-07 11:28
HackRead
1 CVE
CISA warns of active exploitation of critical Langflow vulnerability (CVE-2025-3248). Critical RCE flaw allows full server takeover. Patch…
Zero-Day CLFS Vulnerability (CVE-2025-29824) Exploited in Ransomware Attacks
2025-05-07 10:51
SecurityOnline.info
1 CVE
Symantec’s Threat Hunter Team has uncovered a sophisticated attack involving a zero-day privilege escalation vulnerability in Microsoft’s Common…
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization
2025-05-07 10:44
Internet
1 CVE
Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, …
Actively exploited FreeType flaw fixed in Android (CVE-2025-27363)
2025-05-07 09:52
Help Net Security
1 CVE
Google has released fixes for a bucketload of Android security vulnerabilities, including a FreeType flaw (CVE-2025-27363) that “may be under limited, targeted exploitation.” About CVE-2025-27363 CVE-2025-27363 is an out of bounds write vulnerability in FreeT…
U.S. CISA adds FreeType flaw to its Known Exploited Vulnerabilities catalog
2025-05-07 07:17
Securityaffairs.com
1 CVE
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FreeType flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a FreeType flaw, tracked as CVE-2025-27363 (CVSS score of 8.…
Android May 2025 security update patches 46 flaws, including one that’s been exploited
2025-05-07 06:31
Phandroid - News for Android
1 CVE
The Android May 2025 security update fixes 46 vulnerabilities. One flaw, CVE-2025-27363, is already being exploited in the wild.
Android 15 May update rolling out: Pixel microphone, Bluetooth fixes - 9to5Google
2025-05-07 01:52
Slashdot.org
1 CVE
Android 15 May update rolling out: Pixel microphone, Bluetooth fixes (9to5Google). Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers (The Hacker News). Your Google Pixel Phone's May Update Arrived (Droid Life). Google Confirms Android Attacks…
Google updates Pixels with important security patches, but warns that there's no going back - Android Police
2025-05-07 00:52
Slashdot.org
1 CVE
Google updates Pixels with important security patches, but warns that there's no going back (Android Police). Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers (The Hacker News). Your Google Pixel Phone's May Update Arrived (Droid Life). Goog…
Botnet Exploits Old GeoVision IoT Devices via CVE-2024-6047 & CVE-2024-11120
2025-05-07 00:46
SecurityOnline.info
2 CVEs
The Akamai Security Intelligence and Response Team (SIRT) has identified active exploitation of two command injection vulnerabilities…
CVE-2025-47241: Critical Whitelist Bypass in Browser Use Exposes Internal Services
2025-05-07 00:35
SecurityOnline.info
1 CVE
Security researchers from ARIMLABS.AI have disclosed a serious vulnerability in the Browser Use project—a tool that provides browser…
Re: CVE-2025-27363: out of bounds write in FreeType
2025-05-06 19:53
Seclists.org
1 CVE
Posted by Alan Coopersmith on May 06. CISA added this vulnerability to their Known Exploited Vulnerabilities Catalog today, so there will be even more users checking to see if they have it fixed now: https://www.cisa.gov/news-events/alerts/2025/05/06/cisa-adds…
Apache Parquet exploit tool detect servers vulnerable to critical flaw
2025-05-06 18:16
BleepingComputer
1 CVE
A proof-of-concept exploit has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. [...]
Samsung MagicINFO flaw exploited days after PoC exploit publication
2025-05-06 17:54
Securityaffairs.com
1 CVE
Threat actors started exploiting a vulnerability in Samsung MagicINFO only days after a PoC exploit was published. Arctic Wolf researchers observed threat actors beginning to exploit a high-severity vulnerability, tracked as CVE-2024-7399 (CVSS score: 8.8), i…
Experts warn of a second wave of attacks targeting SAP NetWeaver bug CVE-2025-31324
2025-05-06 13:55
Securityaffairs.com
1 CVE
Threat actors launch second wave of attacks on SAP NetWeaver, exploiting webshells from a recent zero-day vulnerability. In April, ReliaQuest researchers warned that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver i…
RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248)
2025-05-06 13:08
Help Net Security
1 CVE
A missing authentication vulnerability (CVE-2025-3248) in Langflow, a web application for building AI-driven agents, is being exploited by attackers in the wild, CISA has confirmed by adding it to its Known Exploited Vulnerabilities (KEV) catalog. About CVE-2…
U.S. CISA adds Langflow flaw to its Known Exploited Vulnerabilities catalog
2025-05-06 13:00
Securityaffairs.com
1 CVE
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Langflow flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow flaw, tracked as CVE-2025-3248 (CVSS score of 9.8…
CISA Adds One Known Exploited Vulnerability to Catalog
2025-05-06 12:00
Cisa.gov
1 CVE
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-27363 FreeType Out-of-Bounds Write Vulnerability These types of vulnerabilities are frequent attack vec…
Google fixed actively exploited Android flaw CVE-2025-27363
2025-05-06 10:23
Securityaffairs.com
1 CVE
Google addressed 46 Android security vulnerabilities, including one issue that has been exploited in attacks in the wild. Google’s monthly security updates for Android addressed 46 flaws, including a high-severity vulnerability, tracked as CVE-2025-27363 (CVS…