VULNERABILITY 76
- King Addons flaw lets anyone become WordPress admin
- Weaponized file name flaw makes updating glob an urgent job
- Critical Vulnerability in Azure Bastion Let Attackers Bypass Authentication and Escalate privileges
- Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update
- Fortinet’s delayed alert on actively exploited defect put defenders at a disadvantage
- U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog
- Patch now Samsung zero-day lets attackers take over your phone
- Exploited ‘Post SMTP’ Plugin Flaw Exposes WordPress Sites to Takeover
- OpenAI Atlas Browser Vulnerability Allows Malicious Code Injection into ChatGPT
- Hackers exploiting Windows updates Microsoft urges users to patch
- 706,000+ BIND 9 Resolver Instances Vulnerable to Cache Poisoning Exposed Online – PoC Released
- Hackers exploiting critical vulnerability in Windows Server Update Service
- Anomali Cyber Watch - Nimbus Manticore, Spoofed IC3 Portals, a Record-Breaking DDoS Attack, and More
- PoC Exploit Released for Windows Server Update Services Remote Code Execution Vulnerability
- WatchGuard VPN Vulnerability Let Remote Attacker Execute Arbitrary Code
- New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login
- The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn
- 13-year-old Critical Redis RCE Vulnerability Let Attackers Gain Full Access to Host System
- Microsoft Critical GoAnywhere bug exploited in ransomware attacks
- New WireTap Attack Breaks Server SGX to Exfiltrate Sensitive Data
- Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems
- Cisco warns of IOS zero-day vulnerability exploited in attacks
- CISA Details That Hackers Gained Access to a U.S. Federal Agency Network Via GeoServer RCE Vulnerability
- Microsoft Fixed Entra ID Vulnerability Allowing Global Admin Impersonation
- Microsoft Entra ID flaw allowed hijacking any company's tenant
- Google Chrome 0-Day Vulnerability Actively Exploited in the Wild – Patch Now
- How a Plaintext File On Users’ Desktops Exposed Secrets Leads to Akira Ransomware Attacks
- IBM QRadar SIEM Vulnerability Let Attackers Perform Unauthorized Actions
- New HybridPetya Weaponizing UEFI Vulnerability to Bypass Secure Boot on Outdated Systems
- DELMIA Factory Software Vulnerability Exploited in Attacks
- Microsoft Patch Tuesday, September 2025 Edition
- Windows Defender Vulnerability Allows Service Hijacking and Disablement via Symbolic Link Attack
- Severe Hikvision HikCentral Product Flaws What You Need to Know
- CMS Provider Sitecore Patches Exploited Critical Zero Day
- Hidden Commands in Images Exploit AI Chatbots and Steal Data
- Critical Next.js Framework Vulnerability Let Attackers Bypass Authorization
- WhatsApp patches vulnerability exploited in zero-day attacks
- Critical Docker Desktop flaw lets attackers hijack Windows hosts
- Like burglars closing a door, Apache ActiveMQ attackers patch critical vuln after breaking in
- Critical RCE Vulnerability in Cisco Firewall Management Software Under Active Exploitation
- Update WinRAR tools now RomCom and others exploiting zero-day vulnerability
- New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP
- OWASP AIVSS targets agentic AI risk
- Critical Vulnerability Impacting Over 100K Sites Patched in Everest Forms Plugin
- SonicWall investigates possible zero-day amid Akira ransomware surge
- Cursor IDE Persistent Code Execution via MCP Trust Bypass
- Critical Vulnerability in NestJS Devtools Localhost RCE via Sandbox Escape
- AI-powered Cursor IDE vulnerable to prompt-injection attacks
- Attackers Actively Exploiting Critical Vulnerability in Alone Theme
- Account Takeover Vulnerability Affecting Over 400K Installations Patched in Post SMTP Plugin
- How We Accidentally Discovered a Remote Code Execution Vulnerability in ETQ Reliance
- BIDI Swap Unmasking the Art of URL Misleading with Bidirectional Text Tricks
- The Internet Red Button a 2016 Bug Still Lets Anyone Kill Solar Farms in 3 Clicks
- Microsoft Fix Targets Attacks on SharePoint Zero-Day
- Flaw in Signal App Clone Could Leak Passwords — GreyNoise Identifies Active Reconnaissance and Exploit Attempts
- Zyxel security advisory for path traversal vulnerability in APs
- eSIM Vulnerability in Kigen's eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks
- Critical RCE Vulnerability in mcp-remote CVE-2025-6514 Threatens LLM Clients
- Count(er) Strike – Data Inference Vulnerability in ServiceNow
- Critical Sudo bugs expose major Linux distros to local Root exploits
- Cl0p cybercrime gang's data exfiltration tool found vulnerable to RCE attacks
- Critical Vulnerability in Microsens Devices Exposes Systems to Hackers
- Zero-day Bluetooth gap turns millions of headphones into listening stations
- Gogs Remote Command Execution Vulnerability (CVE-2024-56731)
- Cisco ISE Vulnerability Allows Remote Attackers to Execute Malicious Commands
- Realtek Bluetooth Flaw Allows Attackers to Launch DoS Attacks During Pairing
- Why a Classic MCP Server Vulnerability Can Undermine Your Entire AI Agent
- Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack
- Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User
- Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
- EchoLeak Zero-Click AI Attack in Microsoft Copilot Exposes Company Data
- Over 80,000 servers hit as Roundcube RCE bug gets rapidly exploited
- NTLM reflection is dead, long live NTLM reflection! – An in-depth analysis of CVE-2025-33073
- iMessage Zero-Click Attacks Suspected in Targeting of High-Value Individuals
- Qualcomm fixes three Adreno GPU zero-days exploited in attacks
- Bypassing MTE with CVE-2025-0072