CVSS

ASUS DSL Router Critical Authentication Bypass: CVE-2025-59367 Analysis and Mitigation

CVE News

ASUS DSL Router Critical Authentication Bypass: CVE-2025-59367 Analysis and Mitigation

ASUS has issued a security advisory concerning a critical authentication bypass vulnerability, tracked as CVE-2025-59367, affecting several...

Triofox Antivirus Feature Abused for SYSTEM-Level Code Execution

CVE News

Triofox Antivirus Feature Abused for SYSTEM-Level Code Execution

A critical vulnerability in Gladinet’s Triofox file-sharing platform has been actively exploited by threat actors to bypass...

SAP November 2025 Patch Day: Critical Hardcoded Credentials and Code Injection Flaws Addressed

CVE News

SAP November 2025 Patch Day: Critical Hardcoded Credentials and Code Injection Flaws Addressed

SAP has released its November 2025 security updates, a critical patch batch addressing 18 new security notes...

Critical Authentication Bypass in Service Finder WordPress Theme Actively Exploited

CVE News

Critical Authentication Bypass in Service Finder WordPress Theme Actively Exploited

A critical security vulnerability in the Service Finder WordPress theme and its accompanying Bookings plugin is being...

Critical GoAnywhere MFT Vulnerability Actively Exploited by Medusa Ransomware

CVE News

Critical GoAnywhere MFT Vulnerability Actively Exploited by Medusa Ransomware

A critical vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) software, tracked as CVE-2025-10035, is being actively...

Redis Critical RCE Vulnerability Puts Thousands of Instances at Risk

CVE News

Redis Critical RCE Vulnerability Puts Thousands of Instances at Risk

The Redis security team has issued patches for a critical, maximum-severity vulnerability that enables authenticated attackers to...

Critical Unity Engine Vulnerability CVE-2025-59489: Technical Analysis and Industry Response

CVE News

Critical Unity Engine Vulnerability CVE-2025-59489: Technical Analysis and Industry Response

A significant security vulnerability, tracked as CVE-2025-59489, has been identified within the Unity game engine, posing a...

Western Digital Patches Critical My Cloud Command Injection Vulnerability

CVE News

Western Digital Patches Critical My Cloud Command Injection Vulnerability

Western Digital has released firmware updates to address a critical-severity vulnerability in multiple My Cloud Network Attached...

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

CVE News

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

A critical vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) software, tracked as CVE-2025-10035, was actively exploited...

Critical Microsoft Entra ID Flaw Enabled Global Tenant Hijack

CVE News

Critical Microsoft Entra ID Flaw Enabled Global Tenant Hijack

A recently disclosed vulnerability in Microsoft’s Entra ID (formerly Azure AD) identity management service could have allowed...

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

CVE News

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

Fortra has issued an urgent security advisory concerning a newly identified vulnerability in its GoAnywhere Managed File...

Beyond the NVD Backlog: The Shift to Real-Time Vulnerability Intelligence

Blue-Team

Beyond the NVD Backlog: The Shift to Real-Time Vulnerability Intelligence

The cybersecurity industry is confronting a fundamental shift in how vulnerabilities are managed. The traditional model, centered...

Microsoft September 2025 Patch Tuesday: Analysis of 81 Flaws and Two Zero-Days

Blue-Team

Microsoft September 2025 Patch Tuesday: Analysis of 81 Flaws and Two Zero-Days

Microsoft’s September 2025 Patch Tuesday has been released, addressing a total of 81 security vulnerabilities across its...

SAP NetWeaver Under Siege: Critical Vulnerabilities Exploited for RCE and Data Theft

CVE News

SAP NetWeaver Under Siege: Critical Vulnerabilities Exploited for RCE and Data Theft

SAP has released patches for 21 new security flaws, including three critical vulnerabilities in its widely used...

Sitecore Zero-Day Exploitation: Anatomy of a Critical ViewState Deserialization Attack

CVE News

Sitecore Zero-Day Exploitation: Anatomy of a Critical ViewState Deserialization Attack

A critical zero-day vulnerability in legacy Sitecore deployments, designated CVE-2025-53690, has been actively exploited by threat actors...

TP-Link Router Zero-Day and Active Exploitation Campaigns Prompt Urgent CISA Response

CVE News

TP-Link Router Zero-Day and Active Exploitation Campaigns Prompt Urgent CISA Response

TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as the U.S....

Analysis of Actively Exploited Android Zero-Days Patched in September 2025 Update

CVE News

Analysis of Actively Exploited Android Zero-Days Patched in September 2025 Update

Google’s September 2025 Android security bulletin addresses a significant security event, patching 120 vulnerabilities across the platform...

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

CVE News

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

Click Studios, the developer of the Passwordstate enterprise password manager, has issued an urgent warning to its...

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

CVE News

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

Citrix has released emergency patches for a critical remote code execution vulnerability, tracked as CVE-2025-7775, affecting its...

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

CVE News

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

A critical vulnerability in Docker Desktop for Windows and macOS, designated CVE-2025-9074, has been patched after it...

Posts pagination

1 2 3 4 … 12 Next

CVSS

ASUS DSL Router Critical Authentication Bypass: CVE-2025-59367 Analysis and Mitigation

Triofox Antivirus Feature Abused for SYSTEM-Level Code Execution

SAP November 2025 Patch Day: Critical Hardcoded Credentials and Code Injection Flaws Addressed

Critical Authentication Bypass in Service Finder WordPress Theme Actively Exploited

Critical GoAnywhere MFT Vulnerability Actively Exploited by Medusa Ransomware

Redis Critical RCE Vulnerability Puts Thousands of Instances at Risk

Critical Unity Engine Vulnerability CVE-2025-59489: Technical Analysis and Industry Response

Western Digital Patches Critical My Cloud Command Injection Vulnerability

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

Beyond the NVD Backlog: The Shift to Real-Time Vulnerability Intelligence

Microsoft September 2025 Patch Tuesday: Analysis of 81 Flaws and Two Zero-Days

SAP NetWeaver Under Siege: Critical Vulnerabilities Exploited for RCE and Data Theft

Sitecore Zero-Day Exploitation: Anatomy of a Critical ViewState Deserialization Attack

TP-Link Router Zero-Day and Active Exploitation Campaigns Prompt Urgent CISA Response

Analysis of Actively Exploited Android Zero-Days Patched in September 2025 Update

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

You may have missed

ClickFix Malware Campaigns Resurrect Decades-Old Finger Protocol for Command Retrieval

North Korean IT Worker Scheme: A Technical Analysis of Infiltration and Fraud

Digital Passport Integration in Mobile Wallets: A Security Analysis

U.S. Launches Scam Center Strike Force to Combat $10 Billion Crypto Fraud Networks