A critical security flaw, CVE-2025-21298, in Microsoft’s OLE technology enables remote code execution through a zero-click vulnerability in Outlook. Attackers can exploit this memory corruption issue by sending malicious RTF emails, triggering the flaw when previewed. Affecting multiple Windows versions, Microsoft has released patches, and users are urged to apply them and take additional precautions to mitigate risks.
CISA Warns of Critical VMware vCenter RCE Vulnerability Now Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Broadcom’s VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog. This
