Topic: patch availability
WatchGuard Issues Critical Firewall Vulnerability Alert
WatchGuard has disclosed a critical remote code execution vulnerability (CVE-2025-9242) in its Firebox firewalls, allowing unauthenticated attackers to run arbitrary code on affected devices. The flaw impacts Fireware OS versions 11.x, 12.x, and 2025.1, specifically when IKEv2 VPN is configured, ...
Critical Security Flaw in Commvault Backup Suite Allows Remote Code Execution
A critical security vulnerability in on-premises Commvault deployments allows unauthenticated attackers to execute remote code by chaining four distinct flaws (CVE-2025-57788, CVE-2025-57789, CVE-2025-57790, and CVE-2025-57791). These vulnerabilities impact essential components like the Web Serve...
87K MongoDB Servers Exposed by Critical Flaw
A critical, high-severity vulnerability (CVE-2025-14847) in MongoDB, dubbed MongoBleed, is being actively exploited, allowing unauthenticated attackers to remotely steal secrets from tens of thousands of exposed servers. The flaw exploits a bug in the zlib compression library, where a specially c...
Cisco Customers Vulnerable to New Chinese Hacking Campaign
A Chinese state-sponsored hacking campaign is exploiting a critical zero-day vulnerability (CVE-2025-20393) in Cisco's Secure Email Gateway and Web Manager software, primarily targeting systems in India, Thailand, and the United States. The attack surface is limited to hundreds of systems, as exp...
Patch Now: Public Exploits for FortiWeb RCE Flaw (CVE-2025-25257)
CVE-2025-25257 is a critical remote code execution flaw in FortiWeb's Fabric Connector, allowing attackers to inject SQL commands via HTTP/S requests and gain root access, prompting urgent patching. Public proof-of-concept exploits have emerged, lowering the attack barrier, with unauthent...
Bluetooth Security Flaws Expose Microphones to Hackers
Bluetooth security vulnerabilities in major audio brands (Bose, Sony, Jabra, JBL) could allow hackers to hijack microphones and access sensitive data within Bluetooth range. Flaws in Airoha SoC components enable risks like audio interception, unauthorized calls, data extraction, and remote code e...
Zero-Day Attack Hits Gladinet File Sharing Software
A zero-day vulnerability (CVE-2025-11371) in Gladinet's CentreStack and Triofox platforms allows unauthenticated attackers to access sensitive files via Local File Inclusion, with at least three organizations already targeted. Attackers exploit the LFI flaw to retrieve machine keys and chain it w...
Abandoned Rust Library Flaw Sparks RCE Attack Risk
A critical security vulnerability (CVE-2025-62518) in the abandoned async-tar and tokio-tar Rust libraries allows remote code execution via desynchronization during TAR archive extraction, enabling attackers to insert malicious entries without authentication. The flaw, named TARmageddon, arises f...
Expired Certificate Breaks Logitech Apps on macOS, Erases Settings
A critical security certificate expiration caused Logitech's Options+ and G Hub software on macOS to fail, wiping user settings and preventing the apps from launching. The expired certificate also broke the apps' automatic update function, forcing users to manually download and install a patch fr...