Two security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote functions on connected vehicles and even track their locations.
"Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without ...
Search found 1289 matches
- Sun Jun 15, 2025 6:28 am
- Forum: IOT Devices
- Topic: SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords
- Replies: 0
- Views: 73
- Sun Jun 15, 2025 6:26 am
- Forum: Web Applications
- Topic: Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
- Replies: 0
- Views: 67
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 (M365) Copilot's context sans any user interaction.
The critical-rated vulnerability has been assigned ...
- Sun Jun 15, 2025 6:25 am
- Forum: Mobile Phones
- Topic: Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
- Replies: 0
- Views: 59
Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks.
The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3.1 ...
- Sun Jun 15, 2025 6:22 am
- Forum: Web Applications
- Topic: Multiple GitLab Vulnerabilities Expose Users to Complete Account Takeover Risks
- Replies: 0
- Views: 48
Multiple GitLab Vulnerabilities Expose Users to Complete Account Takeover Risks
GitLab, the widely used DevSecOps platform, has released urgent security updates addressing multiple high-severity vulnerabilities that could allow attackers to take over user accounts, inject malicious code, and disrupt services.
The new versions—18.0.2, 17.11.4, and 17.10.8 for both Community ...
- Sun Jun 15, 2025 6:21 am
- Forum: Consumer
- Topic: Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User
- Replies: 0
- Views: 92
Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User
A critical security flaw (CVE-2025-5491) in Acer ControlCenter allows remote attackers to execute arbitrary code with NT AUTHORITY\SYSTEM privileges via a misconfigured Windows Named Pipe.
The vulnerability, rated 8.8 on the CVSS scale, stems from insecure permissions on a custom protocol pipe ...
- Sun Jun 15, 2025 6:18 am
- Forum: Windows
- Topic: Windows Task Scheduler Vulnerability Allows Attackers to Gain Elevated Privileges
- Replies: 0
- Views: 49
Windows Task Scheduler Vulnerability Allows Attackers to Gain Elevated Privileges
A critical security vulnerability in Windows Task Scheduler could allow unauthorized attackers to escalate their privileges on affected systems.
The vulnerability, tracked as CVE-2025-33067 and released on June 10, 2025, affects the Windows Kernel’s privilege management system and carries a ...
- Sun Jun 15, 2025 6:16 am
- Forum: Commercial
- Topic: CVE-2025-4231 PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface
- Replies: 0
- Views: 63
CVE-2025-4231 PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface
Palo Alto Networks has disclosed a command injection vulnerability in its PAN-OS operating system that enables authenticated administrative users to escalate privileges and perform actions as the root user.
The vulnerability, designated CVE-2025-4231, was published on June 11, 2025, and carries a ...
- Sun Jun 15, 2025 6:14 am
- Forum: Commercial
- Topic: SECURITY BULLETIN: June 2025 for Trend Micro Apex One
- Replies: 0
- Views: 50
SECURITY BULLETIN: June 2025 for Trend Micro Apex One
Trend Micro has released critical security patches addressing five high-severity vulnerabilities in Apex One and Apex One as a Service products.
The most severe vulnerability, tracked as CVE-2025-49155, allows remote attackers to execute arbitrary code through the Data Loss Prevention module ...
- Sun Jun 15, 2025 6:13 am
- Forum: Windows
- Topic: Zero-Day Vulnerability in Windows SMB Client Exploited via Reflective Kerberos Relay Attack
- Replies: 0
- Views: 53
Zero-Day Vulnerability in Windows SMB Client Exploited via Reflective Kerberos Relay Attack
A critical zero-day vulnerability affecting Windows systems allows attackers to gain maximum system privileges through a novel Kerberos-based attack technique.
The vulnerability, designated CVE-2025-33073, was patched by Microsoft on June 10, 2025, as part of their monthly Patch Tuesday ...
- Sun Jun 15, 2025 6:12 am
- Forum: Windows
- Topic: Windows Disk Cleanup Tool Vulnerability: PoC Exploit Now Public
- Replies: 0
- Views: 52
Windows Disk Cleanup Tool Vulnerability: PoC Exploit Now Public
Security researchers have released a proof-of-concept exploit for CVE-2025-21420, a critical elevation of privilege vulnerability affecting the Windows Disk Cleanup tool (cleanmgr.exe).
The vulnerability leverages improper link resolution mechanisms to achieve SYSTEM-level privileges through the ...