vulnerabilities
25,000+ FortiCloud SSO-Enabled Systems Vulnerable to Remote Exploitation
The Shadowserver Foundation has discovered over 25,000 internet-facing Fortinet devices globally with FortiCloud Single Sign-On (SSO) functionality enabled, raising concerns…
Apache Log4j Flaw Enables Interception of Sensitive Logging Data
The Apache Software Foundation has released a critical security update for its widely used Log4j logging library. A newly discovered…
Roundcube Flaws Let Attackers Execute Malicious Scripts
Roundcube, a widely used open-source webmail platform, has released critical security updates to address two significant vulnerabilities in its 1.6…
New Reports Reveal WAFs Are Ineffective Against Latest React2Shell Exploit
Miggo Security has released a comprehensive benchmark study revealing critical gaps in Web Application Firewall (WAF) protection, with the discovery…
ForumTroll Operation Uses Chrome Zero-Day in Fresh Phishing Attacks
The ForumTroll APT group has re-emerged with a highly sophisticated phishing campaign aimed at Russian academics, marking a significant escalation…
Parked Domains Emerge as a Primary Channel for Malware and Phishing
The landscape of domain parking has undergone a significant transformation over the past decade, evolving from a relatively benign monetization…
Russian Hackers Launch Attacks on Network Edge Devices in Western Critical Infrastructure
Russian state-sponsored hackers have intensified their attacks on misconfigured network edge devices across Western critical infrastructure, marking a significant shift…
CISA Alerts on Apple WebKit Zero-Day Actively Used in Cyberattacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability affecting multiple Apple products to its Known…
Jaguar Land Rover Confirms August Cyberattack Led to Employee Data Theft
Jaguar Land Rover (JLR) has officially confirmed that a major cyberattack in August resulted in the theft of sensitive personal…
PCPcat Malware Leverages React2Shell Vulnerability to Breach 59,000+ Servers
A sophisticated attack campaign attributed to a group identifying as “PCP” has compromised 59,128 servers in less than 48 hours…
NVIDIA Merlin Vulnerabilities Allow Malicious Code Execution and DoS Attacks
NVIDIA has issued urgent security patches for its Merlin machine learning framework, addressing two high-severity deserialization vulnerabilities that could allow…
MITRE Unveils 2025’s Top 25 Most Dangerous Software Weaknesses
MITRE has released its annual Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list for 2025, identifying the…
Apple Confirms Zero-Day Exploitation in Targeted Attacks on iPhone Users
Apple has recently released critical security patches to address two zero-day vulnerabilities that are being actively exploited on iPhone and…
CISA Issues New Guidance for Securing UEFI Secure Boot on Enterprise Devices
The Cybersecurity and Infrastructure Security Agency (CISA) has issued critical guidance on managing UEFI Secure Boot configurations across enterprise systems,…
Surge in Attacks Targeting RSC-Enabled Services Worldwide
In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly…
644K+ Websites at Risk Due to Critical React Server Components Flaw
A critical vulnerability known as “React2Shell” has been identified by the Shadowserver Foundation, posing a significant threat to a massive…
Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws
Zoom has released security patches to address two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS. These…