Critical Browser-Based Attack Chain Compromises Internal Networks Through Single Website Visit
Security researchers have demonstrated a devastating new attack method that allows cybercriminals to execute remote code on internal corporate networ…
Vulnerability
Critical Zero-Day Flaw in Fortinet FortiWeb Allows Complete System Takeover
A severe pre-authentication SQL injection vulnerability in Fortinet's FortiWeb Fabric Connector has been discovered, allowing attackers to achiev…
'Enter, Exit, Leak': New CPU Side-Channel Attacks Break Isolation in Modern Processors
Security researchers from Microsoft and ETH Zurich have uncovered four new speculative side-channel vulnerabilities in modern AMD and Intel processor…
Critical CitrixBleed 2 Zero-Day Enables Memory Theft, Bypasses Authentication
A newly disclosed vulnerability in Citrix NetScaler appliances is allowing attackers to steal sensitive memory contents through a simple HTTP request…
Google Rushes to Fix Chrome's Fourth In-Wild Exploited Zero-Day - POC Released
Google has issued an emergency security update for Chrome to address a critical zero-day vulnerability that cybercriminals are actively exploiting in…
Critical Zero-Day Vulnerability Grants Root Access to Wing FTP Servers Worldwide
A critical null-byte injection vulnerability in Wing FTP Server has been discovered that allows attackers to gain complete root access to affected sy…
CitrixBleed 2 Vulnerability Now Under Active Attack Worldwide
A critical new vulnerability dubbed " CitrixBleed 2 " is being actively exploited by cybercriminals, marking a dangerous return of sessio…
GerriScary - A Supply Chain Vulnerability Compromises 18 Google Projects
Security researchers at Tenable Cloud Research have disclosed a significant supply chain vulnerability dubbed " GerriScary " that exposed a…
Five Critical Security Vulnerabilities Disclosed in Widely-Used libxml2 Library
The maintainers of libxml2, a fundamental XML parsing library used across countless software applications, have disclosed five serious security vulne…
Critical Flaw in ZendTo File Transfer App Exposes User Data Across Organizations
Security researchers have uncovered a serious path traversal vulnerability in ZendTo , a widely used file-sharing platform trusted by universities, …
Researchers Expose Critical Secure Boot Vulnerabilities Affecting Millions of UEFI Systems
Security researchers have uncovered two significant vulnerabilities that can completely bypass Secure Boot protections on UEFI-compatible systems, po…
Critical Signature Verification Flaw Discovered in OpenPGP.js Library
A critical vulnerability in the widely used OpenPGP.js library has been discovered that allows attackers to spoof message signatures, potentially com…
10-Year-Old Vulnerability Discovered in Roundcube Webmail Affects Millions of Hosts
A critical security vulnerability that remained hidden for nearly a decade has been discovered in Roundcube Webmail, potentially affecting over 53 mi…
Critical RCE Flaw Discovered in D-Tale Data Visualization Tool
A critical security vulnerability has been discovered in D-Tale, a popular data visualization tool, allowing attackers to execute arbitrary system c…
Ivanti EPMM Under Attack: Critical RCE Flaws Actively Exploited
Security researchers at watchTowr have published their analysis of two critical vulnerabilities in Ivanti's Endpoint Manager Mobile (EPMM) soluti…
Critical Pre-Auth RCE Vulnerabilities Found in SysAid On-Premise ITSM Solution
Cybersecurity research firm watchTowr has disclosed multiple critical vulnerabilities in SysAid's on-premises IT Service Management (ITSM) soluti…
Critical Vulnerabilities Actively Exploited in SonicWall SMA Appliances
Security researchers at watchTowr have published an analysis of two vulnerabilities currently being exploited in the wild against SonicWall's Sec…
Apache Tomcat Releases Security Updates for DoS and Bypass Vulnerabilities
The Apache Software Foundation has released important security updates addressing two vulnerabilities in Apache Tomcat, the popular open-source web s…
.webp)
Critical RCE Vulnerability in Commvault Backup Software
Security researchers at watchTowr have disclosed a critical remote code execution (RCE) vulnerability in Commvault's backup and recovery software…
Critical Ivanti Connect Secure Vulnerability Under Active Exploitation by Chinese Hackers
A critical security vulnerability in Ivanti Connect Secure VPN appliances ( CVE-2025-22457 ) is being actively exploited by suspected Chinese state-…