13 matches found
Inside the F5 Breach: What We Know and Recommended Actions
On October 15, 2025, F5 Networks disclosed a breach attributed to a sophisticated nation-state actor. In an SEC 8-K form also filed that same day, F5 confirmed unauthorized access to its internal development and knowledge-management systems dating back to August 9, 2025. Some source-code and...
CVE-2021-21148
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: gwillcox-r7 at February 05, 2021 4:25pm UTC reported: Reported as exploited in the wild at...
VMware ESXi OpenSLP Remote Code Execution Vulnerability (CVE-2020-3992 and CVE-2019-5544): What You Need To Know
What’s up? On November 6, 2020 Microsoft’s Kevin Beaumont alerted the community to evidence of active exploitation attempts of CVE-2020-3992 and/or CVE-2019-5544, which are remote code execution (RCE) vulnerabilities in VMware ESXi’s service location protocol (SLP) service. VMware had issued a patch...
Adobe Fixes 21 Critical Vulnerabilities with June Patch Tuesday Update
Adobe fixed 21 vulnerabilities across four products today, releasing patches for Flash, Shockwave Player, Captivate, and Adobe Digital Editions. Most of the vulnerabilities, 15 of the 21, are marked critical by the company because they could lead to code execution. The updates came in the form of...
SAP Patches Critical HANA Vulnerability That Allowed Full Access
SAP patched a series of critical vulnerabilities in its cloud-based business platform HANA today that if exploited, could allow for a full system compromise without authentication. When chained together the flaws could lead to the theft of confidential information, financial fraud, and the...
Subex Fms 7.4 - SQL Injection
Subex Fms 7.4 - SQL Injection. Subex ROC Fraud Management System v7.4 - Unauthenticated Blind-Time Based SQL Injection...
Subex ROC Fraud Management System 7.4 SQL Injection Vulnerability
Subex ROC Fraud Management System version 7.4 suffers from a remote unauthenticated time-based blind SQL injection vulnerability. Subex ROC Fraud Management System v7.4 - Unauthenticated Blind-Time Based SQL...
Subex ROC Fraud Management System 7.4 SQL Injection
Subex ROC Fraud Management System v7.4 - Unauthenticated Blind-Time Based SQL Injection. Affected Software: Subex ROC FMS...
New Java Zero Day Being Used in Targeted Attacks
There is a newly discovered zero day vulnerability in Java 7 that is being used in some targeted attacks right now. The vulnerability works against Internet Explorer and Firefox and researchers say that attackers are exploiting it in the wild and installing a version of the Poison Ivy RAT on...
Adobe Plans Critical Security Updates for Reader, Acrobat Next Week
Adobe said on Friday that it will issue critical fixes for its popular Reader and Acrobat products on Tuesday, January 10. The company said it is planning to release updates for Adobe Reader and Acrobat versions X and earlier for both the Windows and Macintosh platforms to fix a slew of critical...
Unofficial Patch Released for Adobe Reader Bug
As users await the Oct. 4 release of a patch for the CoolType.dll vulnerability in Adobe Reader, a software and security company has published an unofficial patch for the bug that essentially replaces the vulnerable DLL with a patched one. The patch was published Wednesday by RamzAfzar, a softwar...
This Week In Security: Privacy, RedPhone and Adobe
In case you needed any reminders that privacy is one of the more pressing problems on the Web right now, this week’s news provided plenty of them. Along with stories of Facebook’s continued privacy missteps, this week gave us the gift of Google letting users install some Google code to opt out of...
Java Zero-Day Attacks In The Wild
Just days after Google researcher Tavis Ormandy released details on a dangerous new Java vulnerability, malicious hackers have pounced and are exploiting the flaw in the wild to launch drive-by download attacks. Virus hunters have spotted the attacks on a popular song lyrics Web site. Any visitor...