A vulnerability, designated CVE-2025-61757, was made public by Searchlight Cyber last Thursday. Company researchers discovered the issue and notified Oracle, which led to its disclosure. Oracle fixed CVE-2025-61757 with the October 2025 patches and confirmed that it is a critical issue that can be easily exploited without authentication. The security firm described it as a critical pre-authentication remote code execution vulnerability in Oracle Identity Manager . The exploit, which combines an authentication bypass vulnerability with arbitrary code execution , could allow an attacker to completely compromise the system. Searchlight Cyber warned on Thursday that the vulnerability could “allow attackers to manipulate authentication

Of all the vulnerabilities, the most feared by victims and the most sought after by attackers is remote code execution, or RCE. This vulnerability allows arbitrary commands to be executed on the attacked system. These commands can be sent via scripts: consider a PHP page loaded on a web server, Windows shell commands, or even machine instructions in the case of buffer overflows. This type of vulnerability allows a quick takeover of the victim, and this attack is carried out remotely without physical access. These vulnerabilities are exploited for various reasons, from unauthorized system access to the installation of unauthorized software. But

Synology has patched a zero-day vulnerability in its BeeStation devices, demonstrated during the recent Pwn2Own competition. The bug, identified as CVE-2025-12686, falls under the category of “buffer copying without input size validation,” allowing an attacker to execute arbitrary code on the target system. The issue affects several versions of BeeStation OS, the operating system that manages Synology consumer network attached storage (NAS) devices and is marketed as a “personal cloud.” A fix is included in the BeeStation OS update for versions 1.3.2-65648 and later. There are no other workarounds available, so users are advised to install the latest firmware immediately. The vulnerability

Software vulnerabilities pose a threat to cybersecurity because hackers can exploit them to gain access to computer systems. A software vulnerability is a flaw in software that can be used by attackers to compromise data security or system operation. Software vulnerabilities can be caused by a variety of factors, including programming errors, poor system design, misconfiguration, lack of patches, and failure to implement adequate security controls. While in the previous article ” What are security bugs? A journey through PoCs, exploits, bug bounty programs, and work ” we analyzed them more from a technical and work-related perspective, with this article we want

Researcher José Pino has presented a proof-of-concept vulnerability in the Blink rendering engine used in Chromium -based browsers, demonstrating how a single web page can crash many popular browsers and render a device unusable in seconds. Pino published code for Brash , which demonstrated massive UI degradation and complete tab freezing on most tested Chromium builds. The vulnerability is related to an architectural feature of document.title processing: Blink has no rate limit for document title updates, allowing the script to make millions of changes to the DOM and overload the main thread in a matter of milliseconds. Pino’s method involves loading a

Wordfence is raising the alarm about a large-scale malware campaign in which attackers are exploiting critical vulnerabilities in the popular WordPress plugins GutenKit and Hunk Companion . The company blocked 8.7 million such attack attempts against its customers in just two days. Hackers are exploiting three critical vulnerabilities (9.8 on the CVS19 security scale): CVE-2024-9234, CVE-2024-9707, and CVE-2024-11972. All of these vulnerabilities allow remote code execution on vulnerable websites. CVE-2024-9234 affects the GutenKit plugin, which has 40,000 active installations . The vulnerability is related to an unauthenticated REST endpoint and allows the installation of arbitrary plugins without authentication. The issue affects GutenKit