Critical Vulnerability

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

CVE News

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

A critical vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) software, tracked as CVE-2025-10035, was actively exploited...

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

CVE News

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

Fortra has issued an urgent security advisory concerning a newly identified vulnerability in its GoAnywhere Managed File...

Beyond the NVD Backlog: The Shift to Real-Time Vulnerability Intelligence

Blue-Team

Beyond the NVD Backlog: The Shift to Real-Time Vulnerability Intelligence

The cybersecurity industry is confronting a fundamental shift in how vulnerabilities are managed. The traditional model, centered...

Pennsylvania Attorney General’s Office Disrupted by Citrix NetScaler Exploit

CVE News

Pennsylvania Attorney General’s Office Disrupted by Citrix NetScaler Exploit

The Pennsylvania Attorney General’s Office (AGO) has confirmed a cyberattack that disrupted critical systems, including email services,...

Microsoft August 2025 Patch Tuesday: Zero-Day in Windows Kerberos Among 107 Flaws

CVE News

Microsoft August 2025 Patch Tuesday: Zero-Day in Windows Kerberos Among 107 Flaws

Microsoft’s August 2025 Patch Tuesday addresses 107 security vulnerabilities, including one actively exploited zero-day in Windows Kerberos....

Over 3,000 NetScaler Devices Remain Unpatched Against CitrixBleed 2 Vulnerability

CVE News

Over 3,000 NetScaler Devices Remain Unpatched Against CitrixBleed 2 Vulnerability

As of August 2025, more than 3,300 Citrix NetScaler devices remain vulnerable to CitrixBleed 2 (CVE-2025-5777), a...

McDonald’s AI Hiring Chatbot Exposes 64 Million Applicants’ Data via Default Credentials

Data Breach

McDonald’s AI Hiring Chatbot Exposes 64 Million Applicants’ Data via Default Credentials

McDonald’s AI-powered hiring chatbot, “Olivia,” developed by Paradox.ai, exposed the personal data of over 64 million job...

Critical Pre-Auth RCE Exploit Released for Fortinet FortiWeb: Patch Immediately

CVE News

Critical Pre-Auth RCE Exploit Released for Fortinet FortiWeb: Patch Immediately

Proof-of-concept (PoC) exploits for a critical SQL injection (SQLi) vulnerability in Fortinet FortiWeb have been publicly released,...

OpenVSX Zero-Day Vulnerability: How a Single Flaw Threatened Millions of Developer Environments

CVE News

OpenVSX Zero-Day Vulnerability: How a Single Flaw Threatened Millions of Developer Environments

A critical vulnerability in OpenVSX, the open-source extension marketplace used by popular VS Code forks like Cursor...

Brother Printer Vulnerability: Unpatchable Default Admin Password Flaw Affects 689 Models

CVE News

Brother Printer Vulnerability: Unpatchable Default Admin Password Flaw Affects 689 Models

A critical vulnerability affecting 689 Brother printer models, along with devices from Fujifilm, Toshiba, and Konica Minolta,...

Cisco ISE and ISE-PIC Vulnerabilities: Critical RCE Flaws Require Immediate Patching

CVE News

Cisco ISE and ISE-PIC Vulnerabilities: Critical RCE Flaws Require Immediate Patching

Cisco has issued an urgent security advisory regarding two critical remote code execution (RCE) vulnerabilities affecting its...

Critical Privilege Escalation Vulnerability in WordPress Motors Theme Actively Exploited

CVE News

Critical Privilege Escalation Vulnerability in WordPress Motors Theme Actively Exploited

A critical privilege escalation vulnerability (CVE-2025-4322) in the WordPress Motors theme is being actively exploited in the...

Critical Linux udisks Vulnerability Allows Local Privilege Escalation to Root

CVE News

Critical Linux udisks Vulnerability Allows Local Privilege Escalation to Root

A newly discovered vulnerability in the Linux udisks service (CVE-2025-6019) enables local attackers to escalate privileges to...

Over 46,000 Unpatched Grafana Instances Vulnerable to Account Takeover via Open Redirect Flaw

CVE News

Over 46,000 Unpatched Grafana Instances Vulnerable to Account Takeover via Open Redirect Flaw

More than 46,000 internet-facing Grafana instances remain unpatched against a high-severity vulnerability (CVE-2025-4123) that chains an open...

Trend Micro Patches Critical RCE and Authentication Bypass Vulnerabilities in Apex Central and Endpoint Encryption

CVE News

Trend Micro Patches Critical RCE and Authentication Bypass Vulnerabilities in Apex Central and Endpoint Encryption

Trend Micro has released urgent security updates addressing multiple critical-severity vulnerabilities in its Apex Central and Endpoint...

GitLab Patches Critical Account Takeover and Pipeline Hijacking Vulnerabilities

CVE News

GitLab Patches Critical Account Takeover and Pipeline Hijacking Vulnerabilities

GitLab has released security updates addressing multiple high-severity vulnerabilities in its DevSecOps platform, including flaws that could...

Google Patches Critical Vulnerability Exposing Account Recovery Phone Numbers

CVE News

Google Patches Critical Vulnerability Exposing Account Recovery Phone Numbers

Google has addressed a high-severity vulnerability that allowed attackers to brute-force recovery phone numbers tied to user...

Cisco Patches Critical ISE and CCP Vulnerabilities with Public Exploits

CVE News

Cisco Patches Critical ISE and CCP Vulnerabilities with Public Exploits

Cisco has issued patches for three high-severity vulnerabilities affecting its Identity Services Engine (ISE) and Customer Collaboration...

Critical Authentication Bypass and RCE Vulnerabilities in HPE StoreOnce Software

CVE News

Critical Authentication Bypass and RCE Vulnerabilities in HPE StoreOnce Software

Hewlett Packard Enterprise (HPE) has issued an urgent security bulletin warning of eight vulnerabilities in its StoreOnce...

Public Exploit Details Emerge for Critical Cisco IOS XE Vulnerability (CVE-2025-20188)

CVE News

Public Exploit Details Emerge for Critical Cisco IOS XE Vulnerability (CVE-2025-20188)

Technical details surrounding CVE-2025-20188, a maximum-severity arbitrary file upload vulnerability affecting Cisco IOS XE Wireless LAN Controller...

Posts pagination

1 2 3 4 … 6 Next

Critical Vulnerability

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

Beyond the NVD Backlog: The Shift to Real-Time Vulnerability Intelligence

Pennsylvania Attorney General’s Office Disrupted by Citrix NetScaler Exploit

Microsoft August 2025 Patch Tuesday: Zero-Day in Windows Kerberos Among 107 Flaws

Over 3,000 NetScaler Devices Remain Unpatched Against CitrixBleed 2 Vulnerability

McDonald’s AI Hiring Chatbot Exposes 64 Million Applicants’ Data via Default Credentials

Critical Pre-Auth RCE Exploit Released for Fortinet FortiWeb: Patch Immediately

OpenVSX Zero-Day Vulnerability: How a Single Flaw Threatened Millions of Developer Environments

Brother Printer Vulnerability: Unpatchable Default Admin Password Flaw Affects 689 Models

Cisco ISE and ISE-PIC Vulnerabilities: Critical RCE Flaws Require Immediate Patching

Critical Privilege Escalation Vulnerability in WordPress Motors Theme Actively Exploited

Critical Linux udisks Vulnerability Allows Local Privilege Escalation to Root

Over 46,000 Unpatched Grafana Instances Vulnerable to Account Takeover via Open Redirect Flaw

Trend Micro Patches Critical RCE and Authentication Bypass Vulnerabilities in Apex Central and Endpoint Encryption

GitLab Patches Critical Account Takeover and Pipeline Hijacking Vulnerabilities

Google Patches Critical Vulnerability Exposing Account Recovery Phone Numbers

Cisco Patches Critical ISE and CCP Vulnerabilities with Public Exploits

Critical Authentication Bypass and RCE Vulnerabilities in HPE StoreOnce Software

Public Exploit Details Emerge for Critical Cisco IOS XE Vulnerability (CVE-2025-20188)

You may have missed

Adobe Analytics Data Leak: Architectural Failure Exposes Cross-Tenant Data

Snapchat’s Shift to Paid Storage: A Technical Analysis of Cloud Service Monetization

Google’s Developer Registration Policy Threatens F-Droid’s Existence

Google Drive for Desktop Deploys AI-Powered Ransomware Detection and Recovery