Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices
Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution
Stay updated on the latest in information security flaws. Explore news, insights, and analysis on vulnerabilities affecting digital safety.
Search across headline titles and summaries.
Background for this topic.
A flaw is a defect in software, hardware, system design, or configuration that causes unintended behavior. In security reporting, the term usually means a weakness that could violate confidentiality, integrity, or availability when reached through a particular interface, input, privilege, or operating condition. Not every flaw is exploitable, and exploitability depends on factors such as exposure, authentication requirements, affected versions, and available mitigations.
Flaws matter because they can create attack paths in applications, operating systems, devices, APIs, or administrative settings. Security teams assess their severity and exposure, prioritize remediation, apply patches or configuration changes, and use isolation or access controls when immediate fixes are unavailable. Code review, testing, vulnerability scanning, and monitoring can reveal flaws across the development and operational lifecycle. Reports should distinguish a confirmed vulnerability from a theoretical defect and provide enough technical detail to support validation without unnecessarily enabling exploitation.
Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution
Also, Alleged Gravy Analytics Breach Exposes Location DataThis week, a Russian tanker linked to cable sabotage detained in Finland, a claimed Gravy Analytics breach exposed location data, a Mirai-based botnet exploited zero-day flaws, Dell updated framework flaws and a court sentenced a Florida woman for laundering millions in romance scams.
Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data
Critical Fancy Product Designer plugin flaws risk remote code execution and SQL injection attacks on WordPress sites
Tricky attackers trying yet again to deceive the good guys on home territory Security researchers are once again being lured into traps by attackers, this time with fake exploits of serious Microsoft security flaws.…
Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE)
Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024
Premium WordPress plugin Fancy Product Designer from Radykal is vulnerable to two critical severity flaws that remain unfixed in the current latest version. [...]
Ivanti is warning that a new Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 was exploited in zero-day attacks to install malware on appliances. [...]
3 CVEs added to CISA's catalog Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw, alongside a critical remote code execution vulnerability in Oracle WebLogic Server that has been exploited for at least five years.…
Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall product. [...]
A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation
A relatively new Mirai-based botnet has been growing in sophistication and is now leveraging zero-day exploits for security flaws in industrial routers and smart home devices. [...]
BIOS/UEFI vulnerabilities in the iSeq 100 DNA sequencer from U.S. biotechnology company Illumina could let attackers disable devices used for detecting illnesses and developing vaccines. [...]
CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks. [...]
Flaws Enable Privilege Escalation and Remote ExploitationTaiwanese industrial computing firm Moxa Technologies is warning customers about two high-severity vulnerabilities affecting its routers and network appliances, posing significant security risks to operational technology environments.
Eclypsium Report Describes BIOS/UEFI Issues in Illumina iSeq 100 FirmwareCertain vulnerabilities in device maker Illumina's iSeq 100 DNA gene sequencer could allow hackers to overwrite the system's firmware to render the device unusable or to install a firmware implant for ongoing attacker persistence, said researchers at Eclypsium who identified the flaws.
Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices
Flaw Enabled Signature Bypassing on Nuclei ProjectDiscoveryOpen-source vulnerability scanner Nuclei patched a critical flaw in its open-source vulnerability management tool ProjectDiscovery. Security firm Wiz uncovered the flaw, a signature verification system flaw that could allow attackers to execute malicious code using custom code templates.