A critical five-year-old Fortinet firewall flaw (CVE-2020-12812) allows attackers to bypass two-factor authentication by altering a username's case, and over…
CISA
Entity category: organization
A critical vulnerability (CVE-2025-13915) in IBM API Connect allows attackers to bypass authentication and gain unauthorized remote access, posing a…
Significant staffing cuts at CISA, the national cybersecurity agency, have created a severe operational crisis with a 40% vacancy rate…
A critical vulnerability in MongoDB, tracked as CVE-2025-14847 and dubbed MongoBleed, is being actively exploited to remotely steal sensitive data…
A ransomware attack disrupted administrative systems at Romania's national water authority, but crucial operational technology controlling physical water infrastructure like…
Tens of thousands of internet-facing Fortinet devices remain vulnerable to critical authentication bypass flaws (CVE-2025-59718/9), creating a massive attack surface…
Apple has released urgent security patches for two actively exploited zero-day vulnerabilities (CVE-2025-14174 and CVE-2025-43529) in its WebKit browser engine,…
MITRE and CISA have released the 2025 CWE Top 25, a critical ranking of the most dangerous software weaknesses based…
CISA has mandated federal agencies to patch a critical, actively exploited vulnerability (CVE-2025-58360) in GeoServer that allows attackers to steal…
A critical path traversal vulnerability (CVE-2025-6218) in WinRAR for Windows is being actively exploited, allowing attackers to execute arbitrary code…
Pro-Russia hacktivist groups are exploiting weak security to breach U.S. critical infrastructure, causing real disruptions in sectors like water and…
A sophisticated Chinese-linked malware campaign called "Brickstorm" is targeting VMware vSphere servers, using hidden virtual machines to steal credentials and…
U.S. and Australian cybersecurity agencies have released joint guidelines to help critical infrastructure operators securely integrate AI tools, like machine…
The Pall Mall Process, a joint UK-France initiative with 27 governments and major tech firms, aims to establish international standards…
CISA has issued an urgent directive for federal employees to apply critical Android security updates by December 23 or stop…
Google has released a critical Android security update patching over 100 vulnerabilities, including three severe flaws that are under active,…
A critical vulnerability (CVE-2025-61757) in Oracle Identity Manager is being actively exploited, allowing unauthenticated attackers to execute arbitrary code via…
A critical security vulnerability (CVE-2025-61757) in Oracle Identity Manager allows attackers to execute remote code without authentication by exploiting weaknesses…
Google has issued an emergency security patch for Chrome to address a high-severity vulnerability (CVE-2025-13223) that is already being actively…
D-Link has issued a critical alert for its unsupported DIR-878 router, revealing three severe vulnerabilities that allow unauthenticated remote command…