Topic: exploitation activity

Microsoft Fixes Critical WSUS Flaw Under Active Attack

October 25, 2025

88%

Microsoft Fixes Critical WSUS Flaw Under Active Attack

Microsoft has released an emergency patch for a critical, actively exploited vulnerability (CVE-2025-59287) in Windows Server Update Services, allowing unauthorized remote code execution without user interaction. The flaw is wormable and could enable attackers to take control of WSUS servers, pot...

Critical 'React2Shell' Vulnerability Exposes React.js

December 6, 2025

85%

Critical 'React2Shell' Vulnerability Exposes React.js

A critical vulnerability (CVE-2025-55182) in React.js and Next.js, dubbed React2Shell, allows unauthenticated remote code execution with a severity score of 10.0, posing a severe risk to servers. The flaw, exploitable via a simple HTTP request, impacts React Server Function endpoints and default ...

Hackers Exploit Gladinet CentreStack Flaw for RCE Attacks

December 13, 2025

80%

Hackers Exploit Gladinet CentreStack Flaw for RCE Attacks

A critical security flaw in Gladinet's CentreStack and Triofox platforms, due to hardcoded AES encryption keys, allows attackers to forge authentication tickets and gain remote code execution on servers. Attackers are actively exploiting this vulnerability, combining it with a known local file in...

Urgent ASUS Router Security Flaw Exposed

November 15, 2025

70%

Urgent ASUS Router Security Flaw Exposed

ASUS has released an urgent firmware update (version 1.1.2.3_1010) to fix a critical security flaw (CVE-2025-59367) that allows unauthorized remote access to DSL-AC51, DSL-N16, and DSL-AC750 routers without a password. For users unable to update immediately, ASUS recommends disabling internet-acc...