AI Vulnerability Easier to Exploit than Previously Thought
Executive Summary Researchers have conducted a study showing that Artificial Intelligence (AI) models may be easier to poison than previously thought. With the widespread use of AI models like ...
New Zoom VDI Client Vulnerability
Executive Summary On November 10, 2025, CVE 2025-64740 was identified and given a CVSS score of 7.5 indicating a high severity vulnerability. This vulnerability affects Zoom’s Virtual Desktop ...
Bypassing BitLocker Encryption Via Physical Technique
Executive Summary A new vulnerability has been identified in Windows’s BitLocker security feature that can bypass PIN authentication. Attackers can steal data from BitLocker encrypted hard drives ...
Highest CVSS Score Yet for Microsoft’s ASP.NET Framework
Executive Summary On October 17 2025, CVE-2025-55315 was identified and patched for Microsoft’s Active Server Pages (ASP).NET framework. This vulnerability exists in a widely used web development ...
Pixnapping: A New Approach to Information Stealing
Executive Summary A vulnerability called Pixnapping has been identified in modern Android devices that allows hackers to steal data from pixels on a screen. This attack is a proof of concept that is ...
Shai-Hulud Worm: Supply Chain Threat
Executive Summary On September 15, 2025, suspicious files began appearing in the Node Package Manager (npm) ecosystem hosted on GitHub. This event was discovered to be part of a hacking campaign ...
CISA Issues Emergency Directive In Light of New Cisco Vulnerabilities
Executive Summary On September 25, 2025, Cisco identified three day-zero vulnerabilities that pertains to their Adaptive Security Appliances (ASA) and Firepower Threat Defender (FTD). These ...
CrushFTP CVE-2025-31161 Vulnerability
Executive Summary On March 21, 2025, a critical vulnerability was discovered in CrushFTP, identified as CVE-2025-31161. This allows for an authentication bypass via unauthenticated HTTP(s) port ...
Active Exploitation of Apache Tomcat CVE-2025-24813 Vulnerability
Executive Summary On March 10, 2025, a critical remote code execution vulnerability was found within Apache Tomcat. Identified as CVE-2025-24813, this vulnerability exploits how the server handles ...
Next.js Middleware CVE-2025-29927 Vulnerability
Executive Summary A critical vulnerability identified as CVE-2025-29927 was discovered in Next.js Middleware. Attackers can bypass authorization checks handled by Middleware. The vulnerability ...