patches
-
Metasploit Releases New Exploit for Fresh FortiWeb 0-Day Vulnerabilities
Rapid7’s Metasploit team has released a new exploit module targeting critical zero-day vulnerabilities in Fortinet’s FortiWeb web application firewall, chaining…
Read More » -
Critical Azure Bastion Vulnerability Lets Attackers Bypass Login and Gain Higher Privileges
Microsoft disclosed a critical authentication bypass vulnerability in Azure Bastion, its managed remote access service, enabling attackers to escalate privileges…
Read More » -
Critical Grafana Flaw Lets Attackers Escalate Privileges
Grafana Labs has released critical security patches addressing a severe vulnerability in its SCIM provisioning feature that could allow attackers…
Read More » -
Multiple Cisco Unified CCX Vulnerabilities Enable Arbitrary Command Execution by Attackers
Cisco has disclosed critical security vulnerabilities affecting Cisco Unified Contact Center Express (Unified CCX) that could enable unauthenticated, remote attackers…
Read More » -
Ivanti Endpoint Manager Vulnerabilities Let Attackers Write Files Anywhere on Target Systems
Ivanti has released critical security updates for Ivanti Endpoint Manager to address three high-severity vulnerabilities that could allow authenticated attackers…
Read More » -
HTTP/2 ‘MadeYouReset’ Vulnerability Enable Denial-of-Service (DoS) Attacks
A critical vulnerability discovered across numerous HTTP/2 implementations has exposed a dangerous protocol-level vulnerability that enables threat actors to orchestrate…
Read More » -
Multiple Django Flaws Could Allow SQL Injection and Denial-of-Service Attacks
The Django development team has released critical security patches addressing two significant vulnerabilities that could expose applications to denial-of-service attacks…
Read More » -
BitLocker Recovery Risk After October 2025 Updates
Microsoft has issued an urgent advisory for Windows users, confirming that a recent set of security updates released after October…
Read More » -
Hackers Actively Scanning TCP Ports 8530/8531 for WSUS CVE-2025-59287
Security researchers at the SANS Internet Storm Center have detected a significant spike in suspicious network traffic targeting Windows Server…
Read More » -
Cisco IOS XE Vulnerability Being Abused in the Wild to Plant BADCANDY
Cybersecurity authorities are raising urgent alarms as threat actors continue to exploit a critical vulnerability in Cisco IOS XE devices,…
Read More » -
CISA Alerts on Linux Kernel Vulnerability Exploited in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency has added a critical Linux kernel vulnerability to its Known Exploited Vulnerabilities catalog,…
Read More » -
Attackers Exploit Windows Server Update Services Flaw to Steal Sensitive Organizational Data
Sophos researchers have identified real-world exploitation of a newly disclosed vulnerability in Windows Server Update Services (WSUS), where threat actors…
Read More » -
New Attack Chains Ghost SPNs and Kerberos Reflection to Elevate SMB Privileges
Microsoft has addressed a critical privilege escalation vulnerability affecting Windows environments worldwide. Attackers can exploit misconfigured Service Principal Names (SPNs)…
Read More » -
Hackers Exploit WordPress Arbitrary Installation Vulnerabilities in the Wild
Cybersecurity firm Wordfence has uncovered a renewed wave of mass exploitation targeting critical vulnerabilities in two popular WordPress plugins, allowing…
Read More » -
Windows 11 24H2/25H2 Update Breaks Mouse and Keyboard in Recovery Mode
Microsoft’s latest cumulative update for Windows 11, KB5066835, is causing significant disruptions for users, most notably by rendering USB keyboards…
Read More » -
WatchGuard VPN Flaw Allows Remote Attackers to Execute Arbitrary Code
A critical security vulnerability has been discovered in WatchGuard Firebox appliances that could allow remote attackers to execute arbitrary code…
Read More » -
Cisco Desk, IP, and Video Phones Vulnerable to Remote DoS and XSS Attacks
Multiple Cisco desk, IP, and video phones are at risk of remote denial-of-service (DoS) and cross-site scripting (XSS) attacks due…
Read More » -
Hackers Breach F5 Steal BIG-IP Source Code and Secret Vulnerability Data
F5 Networks confirmed that a sophisticated nation-state threat actor infiltrated its systems, exfiltrating proprietary BIG-IP source code and confidential vulnerability…
Read More »