Subscribe below for free to get these delivered straight to your inbox
Allen Printing has confirmed a data breach orchestrated by the TridenLocker ransomware group. Learn about the incident and the implications for businesses.
An urgent security alert has been issued for Fortinet FortiGate Firewalls concerning CVE-2025-59718, an authentication bypass vulnerability actively exploited in the wild. Learn about the threat and critical steps for…
A critical zero-day path traversal vulnerability, CVE-2025-64446, has been discovered in Fortinet FortiWeb and is confirmed to be actively exploited in the wild.
Google has released an emergency security update for a high-severity vulnerability in Chrome, CVE-2025-13223, confirmed to be actively exploited in the wild.
Fortinet issues an urgent patch for a critical command injection vulnerability (CVE-2025-58034) in its FortiWeb WAF which is being actively exploited in the wild.
Fortinet addresses a critical command injection flaw (CVE-2025-58034) in FortiWeb WAFs. The vulnerability is confirmed to be under active exploitation in the wild.
A critical remote code execution (RCE) vulnerability in 7-Zip, CVE-2025-11001, is under active exploitation by hackers. The symbolic link flaw requires immediate patching.
Microsoft’s November 2025 Patch Tuesday release addresses 63 security vulnerabilities, including five rated as Critical. Details on key flaw CVE-2025-62215.
CISA adds VMware vulnerability CVE-2025-41244 to its KEV catalog following active exploitation. The zero-day flaw allows for root privilege escalation on systems.
The China-linked Tick cyber espionage group is actively exploiting a critical zero-day, CVE-2025-61932, in Motex Lanscope to deploy the Gokcpdoor backdoor.
This week’s cybersecurity news covers a new self-propagating worm on WhatsApp, an actively exploited Oracle zero-day, and patches for critical CVEs.
Mandiant reports that threat actor UNC6485 is actively exploiting a critical Triofox vulnerability, CVE-2025-12480, to bypass authentication and execute code.
A factual report on CVE-2025-23298, a remote code execution (RCE) vulnerability discovered in the NVIDIA Merlin framework. Learn about the affected software.
A critical remote code execution (RCE) vulnerability, CVE-2025-59287, in Microsoft Windows Server Update Services (WSUS) is being actively exploited in the wild.
Fortinet has issued a patch for a critical authentication bypass flaw (CVE-2022-39952) in its FortiWeb WAF, now confirmed to be actively exploited in the wild.
A critical remote code execution (RCE) vulnerability, CVE-2025-23917, affects the ChronoLog library. Learn the technical details, impact, and mitigation steps now.
A critical RCE vulnerability (CVE-2025-27441) in NexusStreamer media servers allows for total system compromise. Learn about the impact and mitigation steps now.
China-linked threat actors exploited the patched ToolShell SharePoint flaw, CVE-2025-53770, for cyber espionage against global government, telecom, and academic targets.
Microsoft issues an out-of-band patch for a critical WSUS remote code execution flaw, CVE-2025-59287, now confirmed to be under active exploitation in the wild.
Chrome zero-day CVE-2025-2783 exploited in Operation ForumTroll to deliver LeetAgent spyware. Kaspersky reported the sandbox escape, targeting Russian organizations since Feb 2024 via phishing.
A critical RCE vulnerability, CVE-2025-0115, in the QueryMaster Pro database client allows for remote code execution via malicious data files. Learn the impact.
A critical RCE vulnerability, CVE-2025-31415 (LogStorm), affects FluentFlow data collectors. Learn its impact and the urgent mitigation steps to protect your servers.
A critical RCE vulnerability (CVE-2025-31045) in the PyTorch-GPU library allows for total system compromise via malicious model files. Learn the impact and patch now.
Microsoft releases an emergency out-of-band patch for a critical remote code execution flaw in WSUS (CVE-2025-59287) that is under active exploitation.
A critical RCE vulnerability, CVE-2025-34201, affects the FusionCache framework. Learn the details of this insecure deserialization flaw and how to mitigate it.
The Bloody Wolf threat actor has expanded its cyber-espionage activities, targeting government and military entities in Central Asia with custom malware families.
Key security events for Nov 17-23: Global Outfitters reports a data breach impacting 15 million customers and a critical RCE flaw is patched in ConnectLink routers.
WatchGuard has issued critical patches for a zero-day vulnerability, CVE-2022-26318, actively exploited in its Firebox and XTM appliances. Learn about the impact and urgent steps for users to secure their…
Cox Communications confirms a data breach involving its Oracle E-Business Suite. Cybercriminals claim responsibility, listing over 100 alleged victims online.
The November 17 Threat Intelligence Report details the new CryoWire ransomware targeting financial sectors and renewed APT41 activity exploiting VPN vulnerabilities.
Google Project Zero reports on a privilege escalation flaw in the Windows Registry’s management of kernel-mode objects, detailed in their latest security post.
A factual report on the October 2025 security updates. As this event has not yet occurred, no verifiable details regarding patches or vulnerabilities are available.
A factual summary of the September 2025 security update. As this event has not yet occurred, details on patched vulnerabilities and CVEs are not available.
A factual analysis of the Go-based Lynx Ransomware, attributed to the Buhti group. This report details the attack chain from Log4j exploitation to file encryption.
Microsoft’s October 2025 update fixes 172 flaws, including two zero-days under active attack. Learn about the critical patches and your options as Windows 10 support ends.
Cisco warns of a new attack variant targeting Secure Firewall ASA and FTD software by exploiting CVE-2025-20333 and CVE-2025-20362, leading to DoS conditions.
A new Android attack called Pixnapping can steal 2FA codes and other on-screen data. It uses a malicious app to exploit a GPU side-channel vulnerability.
A factual review of the November 2025 security updates. This article provides information based solely on verifiable events as they are documented and released.
A research paper from UIUC details a successful demonstration where an AI agent, using GPT-4, autonomously exploited 13 out of 15 real-world web vulnerabilities.
Microsoft’s emergency OOB patch for a critical WSUS vulnerability (CVE-2025-59287) has inadvertently disabled the hotpatching feature on some Windows Server 2025 systems.
Apple releases urgent security updates iOS 15.6.1 and macOS 12.5.1 to patch two critical zero-day vulnerabilities (CVE-2022-32894, CVE-2022-32893) under active attack.
Researchers uncover “Operation ForumTroll,” a campaign using a Chrome zero-day to deploy “Dante,” a new commercial spyware from Memento Labs (Hacking Team).
Microsoft’s November 2025 Patch Tuesday addresses 63 security flaws, including an actively exploited Windows Kernel zero-day vulnerability, CVE-2025-62215.
You must be logged in to post a comment.