CVE-2025-53690: Sitecore Deployments Targeted via WEEPSTEEL Malware
CVE-2025-53690: Sitecore Deployments Targeted via WEEPSTEEL Malware Organizations running older Sitecore deployments are now in the crosshairs of attackers exploiting a newly disclosed security issue,...
Salesloft Drift Breach: Everything You Need to Know
Salesloft Drift Breach: Everything You Need to Know [Update] September 8, 2025: “Salesloft’s Official Update: GitHub Breach Led to Drift Token Theft” In August 2025, Salesloft’s Drift chatbot service ...
September 2025 Android Security Bulletin Highlights Exploited Flaws: C...
September 2025 Android Security Bulletin Highlights Exploited Flaws: CVE-2025-38352 & CVE-2025-48543 Google has published the September 2025 Android Security Bulletin, which includes a wide set of...
CVE-2025-55177: Zero-Click WhatsApp Exploit Leveraged in Targeted Spyw...
CVE-2025-55177: Zero-Click WhatsApp Exploit Leveraged in Targeted Spyware Attacks on Apple Devices [Update] October 1, 2025: Researchers Trigger the WhatsApp Zero-Click Exploit Chain (CVE-2025-55177 a...
CVE-2025-7775: Citrix Zero-Day Exploit Hits NetScaler Devices
CVE-2025-7775: Citrix Zero-Day Exploit Hits NetScaler Devices A newly discovered zero-day vulnerability in Citrix NetScaler devices, tracked as CVE-2025-7775, is already being exploited in the wild, p...
CVE-2025-9074: Docker Desktop Vulnerability Allows Host Compromise
CVE-2025-9074: Docker Desktop Vulnerability Allows Host Compromise Containers are designed to provide isolation, but a newly disclosed flaw shows just how fragile that boundary can be when misconfigur...
July 2025: Allianz, Qantas, M&S, Co-op Breaches, $140M Bank Hack & Sha...
July 2025: Allianz, Qantas, M&S, Co-op Breaches, $140M Bank Hack & SharePoint 0-Day Exploits From airlines and insurers to banks and retailers, July 2025 showed no sector was off-limits for cy...
CVE-2025-20265: RCE Flaw in Cisco Secure Firewall FMC RADIUS Authentic...
CVE-2025-20265: RCE Flaw in Cisco Secure Firewall FMC RADIUS Authentication Cisco has disclosed a critical vulnerability affecting Secure Firewall Management Center Software, along with 28 additional ...
MadeYouReset: New HTTP/2 DoS Vulnerability Explained
MadeYouReset: New HTTP/2 DoS Vulnerability Explained A newly disclosed technique called “MadeYouReset” lets attackers coax HTTP/2 servers into resetting their own streams, slipping past many Rapid Res...
CVE-2025-25256: FortiSIEM Flaw Enables Unauthenticated RCE
CVE-2025-25256: FortiSIEM Flaw Enables Unauthenticated RCE A new critical vulnerability in Fortinet’s FortiSIEM platform is drawing urgent attention. With exploit code already circulating in the wild ...
August 2025 Patch Tuesday: Microsoft Fixes 111 CVEs & Publicly Disclos...
August 2025 Patch Tuesday: Microsoft Fixes 111 CVEs & Publicly Disclosed Kerberos Zero-Day (CVE-2025-53779) [Update] “Post-Patch Findings on BadSuccessor (CVE-2025-53779)” Microsoft has rolled out...
Salesforce-Related Data Breach Affecting Multiple Companies
Salesforce-Related Data Breach Affecting Multiple Companies [Update] August 12, 2025: “ShinyHunters Reopens Telegram Channel, Claims BreachForums Is Law Enforcement–Run” In mid-2025, a series of coord...
CVE-2025-8088: WinRAR Zero-Day Exploited in Targeted Attacks
CVE-2025-8088: WinRAR Zero-Day Exploited in Targeted Attacks A newly discovered zero-day vulnerability in the popular file archive tool WinRAR, tracked as CVE-2025-8088, has been actively exploited in...
CVE-2025-53786: CISA Issues Emergency Directive for Critical Microsoft...
CVE-2025-53786: CISA Issues Emergency Directive for Critical Microsoft Exchange Hybrid Vulnerability On August 7, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an Emerg...
CVE-2025-54948 & CVE-2025-54987: Trend Micro Apex One Exploited for RC...
CVE-2025-54948 & CVE-2025-54987: Trend Micro Apex One Exploited for RCE Trend Micro has recently disclosed two critical vulnerabilities, CVE-2025-54948 and CVE-2025-54987, affecting its Apex One o...
Akira Exploits SonicWall SSLVPN in Suspected Zero-Day Attacks
Akira Exploits SonicWall SSLVPN in Suspected Zero-Day Attacks [Update] Surge in Exploitation of CVE-2024-40766 by Akira [Update] SonicWall Links Attacks to CVE-2024-40766, Not a Zero-Day A string of ...
Critical OAuth2-Proxy Vulnerability (CVE-2025-54576) Lets Attackers By...
Critical OAuth2-Proxy Vulnerability (CVE-2025-54576) Lets Attackers Bypass Authentication A security flaw has been found in OAuth2-Proxy, a tool that helps secure web applications using OAuth2 or OIDC...
June 2025: Qantas, 23andMe, Zoomcar, and Coinbase Breaches Lead Impact
June 2025: Qantas, 23andMe, Zoomcar, and Coinbase Breaches Lead Impact June 2025 witnessed a wave of impactful cyber incidents spanning government agencies, critical infrastructure, healthcare, and ma...
Critical SonicWall SMA Vulnerability CVE-2025-40599: What You Need to ...
Critical SonicWall SMA Vulnerability CVE-2025-40599: What You Need to Know SonicWall has disclosed a critical vulnerability in its SMA 100 series remote access devices, tracked as CVE-2025-40599. This...
What Happened to XSS.is? Everything You Need to Know About the Forum T...
What Happened to XSS.is? Everything You Need to Know About the Forum Takedown This week, authorities made a major move against the cybercrime underground. After years of investigation, the suspected a...