News - Page 2 of 28 - UZCERT xizmati

Computer Emergency
Response Team

News

A Dangerous Vulnerability Found in React and Next.js: PoC Release Sparks Global Concern

Millions of websites and web applications around the world rely on React and Next.js. Therefore, the discovery of a new vulnerability — CVE-2025-55182 — has caused serious concern among developers. The flaw enables remote code execution (RCE) on the server…

News

CISA and NSA Warn of BRICKSTORM Malware Targeting VMware ESXi and Windows Systems

A new cyber threat that has drawn significant attention from the international cybersecurity community — a sophisticated malware known as BRICKSTORM — has been highlighted in a joint advisory issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the…

News

Critical WordPress RCE Vulnerability: Wide-Scale Attacks Launched Through Sneeit Framework Plugin

The WordPress ecosystem is facing another serious security threat. In recent days, cybercriminals have begun actively exploiting a critical Remote Code Execution (RCE) vulnerability in the Sneeit Framework plugin. The flaw, identified as CVE-2025-6389 with a CVSS score of 9.8,…

News

Critical Vulnerability in K7 Antivirus: How a Regular User Can Gain SYSTEM Privileges

Cybersecurity experts have discovered a new vulnerability in K7 Computing’s K7 Ultimate Security product, leading to a major security issue. This flaw allows ordinary users with limited privileges to gain the highest level of operating system access — SYSTEM rights.…

News

New Android “0-Day” Vulnerabilities: CISA Issues Warning

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an official warning about two serious actively exploited “0-day” vulnerabilities in the Android operating system. These vulnerabilities pose a direct threat to the security of millions of Android users worldwide.…

News

Critical Elementor Plugin Vulnerability Puts Thousands of WordPress Sites at Risk

Today, the WordPress ecosystem serves as the backbone for millions of websites worldwide. Yet even a small flaw in a seemingly minor plugin can trigger serious consequences. Recently, such a situation unfolded when a critical vulnerability discovered in the popular…

News

Two Critical Security Vulnerabilities Found in Django: SQL Injection and DoS Risks

Two serious security vulnerabilities have been discovered in Django, one of the most widely used web development frameworks. The Django team has released essential security updates to address these issues. One vulnerability is classified as high severity and the other…

News

Critical Apache bRPC Vulnerability: Specially Crafted JSON Can Crash Servers

A new, highly dangerous security threat has been identified in the cybersecurity landscape. A vulnerability labeled CVE-2025-59789 has been discovered in the Apache bRPC (Baidu RPC) framework, allowing attackers to remotely crash servers. The severity score of this flaw is…

News

Dangerous Outlook Vulnerability Bypassing Security: Public PoC Release Escalates the Threat Landscape

A new and serious cybersecurity threat has emerged involving Microsoft Outlook. The vulnerability, registered as CVE-2024-21413, creates a critical security gap by allowing attackers to bypass one of Outlook’s core protection mechanisms — Protected View. Recently, a Proof-of-Concept (PoC) exploit…

News

Albiriox: A New Android Malware Capable of Taking Full Control of User Devices

As digital technologies evolve, cybercriminals continue to advance their tools just as rapidly. One of the most alarming recent threats targeting Android users is Albiriox, a newly discovered malware family that combines banking fraud capabilities with full remote access functionality.…