Shadowserver

SolarWinds has released critical security patches for its Serv-U file transfer software to fix four vulnerabilities that could allow remote…

CISA has mandated federal agencies to patch two actively exploited vulnerabilities in Roundcube Webmail within three weeks, highlighting the persistent…

A critical authentication bypass vulnerability (CVE-2026-23760) in SmarterMail email servers allows attackers to reset administrator passwords and take full control…

A critical Fortinet firewall vulnerability (CVE-2025-59718) remains actively exploitable even on systems with official patches, allowing attackers to bypass authentication…

A critical vulnerability (CVE-2026-0227) in Palo Alto firewalls could allow unauthenticated attackers to remotely disable them via a denial-of-service attack,…

A critical five-year-old Fortinet firewall flaw (CVE-2020-12812) allows attackers to bypass two-factor authentication by altering a username's case, and over…

A critical vulnerability in MongoDB, tracked as CVE-2025-14847 and dubbed MongoBleed, is being actively exploited to remotely steal sensitive data…

Critical vulnerabilities in widely used firewalls like WatchGuard are being actively exploited, requiring immediate patching to prevent network breaches. Threat…

A critical vulnerability (CVE-2025-14733) in WatchGuard Firebox firewalls allows unauthenticated attackers to remotely execute code, primarily affecting devices with IKEv2…

Over 115,000 WatchGuard Firebox firewalls are actively being targeted via a critical, unauthenticated remote code execution flaw (CVE-2025-14733) in the…

Tens of thousands of internet-facing Fortinet devices remain vulnerable to critical authentication bypass flaws (CVE-2025-59718/9), creating a massive attack surface…

A Chinese state-sponsored hacking campaign is exploiting a critical zero-day vulnerability (CVE-2025-20393) in Cisco's Secure Email Gateway and Web Manager…

SonicWall has issued an urgent alert for SMA1000 appliance users to apply a critical update, as active attacks exploit a…

CISA has mandated federal agencies to patch a critical, actively exploited vulnerability (CVE-2025-58360) in GeoServer that allows attackers to steal…

A critical vulnerability (CVE-2025-10573) in Ivanti's Endpoint Manager allows unauthenticated attackers to execute arbitrary code by tricking an administrator into…

A critical security flaw (CVE-2025-9242) in WatchGuard Firebox firewalls is being actively exploited, prompting CISA to issue an urgent patch…

An international law enforcement effort led by Europol and Eurojust dismantled over 1,000 servers used by major malware families like…

Microsoft's emergency security update KB5070881, intended to fix a critical remote code execution vulnerability (CVE-2025-59287), inadvertently disrupted hotpatching on some…

A critical vulnerability (CVE-2024-36401) in GeoServer was exploited to breach a U.S. federal agency's network after attackers compromised an unpatched…

Canada's House of Commons faces a cyberattack compromising sensitive employee data, including names, job titles, and email addresses, raising identity…