ESET researchers have discovered a previously unknown vulnerability in WinRAR, exploited in the wild by Russia-aligned group RomCom. According to ESET telemetry, malicious archives were used in spearphishing campaigns between July 18 and July 21, 2025, targeting financial, manufacturing, defense, and logistics companies in Europe and Canada. The aim of the…

In an increasingly AI-powered enterprise landscape, the recent discovery of a zero-click vulnerability in Microsoft 365 Copilot, dubbed EchoLink, should come as a stark warning for cyber security leaders. This isn’t just another flaw – it’s a new class of threat.

Tenable has identified a privilege escalation vulnerability in Google Cloud Run called ImageRunner. The vulnerability could have allowed attackers to bypass permissions, gain unauthorised access to container images and potentially expose sensitive data. Cloud Run, Google’s serverless container platform, uses a service agent with elevated permissions to pull private Google Container…

Yealink has thanked Positive Technologies for discovering the critical vulnerability BDU:2024-00482 in its Yealink Meeting Server videoconferencing system. Yealink is a prominent VoIP provider and is among five major online conferencing vendors. Its products are used in 140 countries. The vendor was notified of the threat per the responsible disclosure policy and released a software patch.