This article delves into the interconnected issue of insecure hardware, exploring its journey from a local problem to a global threat. It begins at the source: the vulnerable devices in our homes and offices, and… Read More »The Hidden Cost of Unsecured Hardware: Botnets to Cloud Accountability
A Massive Thank You I firstly want to give a massive thanks to the 620 people who completed the survey that was sent out across my network about a month ago. The response was much… Read More »Cybersecurity Basics: What Really Keeps You Safe Online
CVE-2025-31324 pose significant risks to organisations using SAP NetWeaver Visual Composer. This critical vulnerability, with a severity rating of 10.0, highlights a serious flaw in the software’s metadata uploader, which lacks proper authorisation controls. This… Read More »CVE-2025-31324: Critical Vulnerability in SAP NetWeaver
Recently, Elon Musk suggested that Ukraine might have been responsible for a Distributed Denial of Service (DDoS) attack targeting Twitter. This claim was based on some attack traffic originating from Ukrainian IP addresses. However, such… Read More »Elon Musk, Twitter, and the Misunderstanding of DDoS Origins
A new security vulnerability has been identified in the widely-used ingress-nginx controller for Kubernetes, designated as CVE-2025-1234. This vulnerability involves the auth-url Ingress annotation, which can be exploited to inject malicious configurations into nginx, leading… Read More »CVE-2025-1234: Critical Configuration Injection in ingress-nginx and How to Protect Your Kubernetes Environment
On March 4, 2025, Broadcom issued a critical security advisory addressing three zero-day vulnerabilities in VMware products that were actively exploited in the wild. These high-risk vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, affect VMware… Read More »Broadcom Patches Three VMware Zero-Day Vulnerabilities Exploited in the Wild
A new vulnerability has emerged in the past few days that requires immediate attention. CVE-2025-21391, identified as an elevation of privilege vulnerability within Windows Storage, has been officially recognised by Microsoft. With an EPSS score… Read More »CVE-2025-21391: Critical Zero-Day Vulnerability in Windows Storage
With so many websites using WordPress with plugins installed, security is a key component often overlooked, especially when dealing with user authentication. CVE-2025-1061 highlights a critical vulnerability in a common plugin used to let users sign in with social accounts… Read More »WordPress users at risk of vulnerability in plugin used by thousands. Urgent action needed
Technical Overview THIS IS A NEW VULNERABILITY; IT HAS NOT YET RECEIVED AN CVE SCORE. URGENT UPDATES REQUIRED CVE-2025–24200 is an authorisation vulnerability affecting iOS and iPadOS devices. Specifically, it allows a physical attacker to… Read More »CVE-2025–24200: Addressing the new iPadOS USB Restricted Mode Vulnerability.
CentOS is a discontinued OS. If you are still using this, please upgrade where available. CVE-2021-31324 is a vulnerability found in the unprivileged user portal of the CentOS Web Panel. This flaw is particularly concerning… Read More »CentOS Web Panel Vulnerability: CVE-2021-31324: Critical Command Injection