SecurityOnline

Synology Mail Server Vulnerability Allows Remote Configuration Tampering

“A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions,” according to Synology’s official advisory.

Millions of Web Applications at Risk Due to PoC Exploit Released for Vite Arbitrary File Read Flaw

Vite, the frontend build tool that powers millions of modern web applications, has been found vulnerable to a file access control bypass flaw that could expose arbitrary file contents to the browser.

RCE and Data Leak Vulnerabilities Patched in Splunk Enterprise and Splunk Cloud Platform

CVE-2025-20229 allows low-privileged users to execute arbitrary code remotely by uploading malicious files. The second flaw, CVE-2025-20231, affects the Splunk Secure Gateway App and leads to the exposure of user session and authorization tokens.

Synapse Servers at Risk Due to Zero-Day DoS Flaw Exploited in the Wild

A critical zero-day vulnerability has been discovered in Synapse, an open-source Matrix homeserver implementation. This flaw is actively being exploited in the wild and can lead to a denial-of-service condition.

Use-After-Free Vulnerability in Exim Exposes Systems to Privilege Escalation

The use-after-free vulnerability can be exploited to achieve privilege escalation. This could allow an attacker to gain unauthorized access to system resources and execute arbitrary commands with elevated privileges.

SectopRAT: A Deep Dive into a Stealthy .NET-Based Trojan

SectopRAT is commonly distributed through malvertising campaigns, including deceptive ads on major platforms like Google and Bing, and drive-by downloads of illegitimate software.

Triple Threat in Frappe Framework Poses SQL Injection, RCE, and Information Disclosure Risks

Multiple critical security vulnerabilities have been identified in the Frappe Framework, a full-stack web framework powering ERPNext and other database-driven applications.

WordPress Plugin Vulnerability With a CVSS Score of 9.8 Threatens Thousands of Membership Sites

To address this critical vulnerability, the plugin developers have released version 4.1.2. Users are strongly advised to update their plugin to this latest version as soon as possible to secure their websites against potential attacks.

Heap Overflow Vulnerability in CryptoLib Threatens Space Communications

A critical security vulnerability has been identified in CryptoLib, a C-based software implementation of the CCSDS Space Data Link Security Protocol (SDLS) and SDLS Extended Procedures (SDLS-EP).

Apache VCL Hit by SQL Injection and XSS Vulnerabilities

Recent advisories revealed two vulnerabilities (CVE-2024-53678 and CVE-2024-53679) in Apache VCL, a widely used open-source cloud computing platform designed to deliver custom computing environments.
