Topic: security advisory

Sort by: Relevance | Date
  • Critical WordPress AI Plugin Vulnerability Impacts 100K+ Sites
    July 31, 2025
    90%

    Critical WordPress AI Plugin Vulnerability Impacts 100K+ Sites

    A critical security flaw in the AI Engine WordPress plugin (scoring 8.8/10) exposes over 100,000 websites, allowing attackers with subscriber accounts to upload harmful files via the REST API. This is the fourth major vulnerability in July 2025, following a trend of similar high-severity flaws, i...

    Read More »
  • Fortra GoAnywhere Zero-Day Exploited: Critical Flaw CVE-2025-10035
    September 27, 2025
    85%

    Fortra GoAnywhere Zero-Day Exploited: Critical Flaw CVE-2025-10035

    A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere platform, scoring 10.0 in severity, was exploited in zero-day attacks due to a deserialization flaw, with patches released on September 15, 2025. Evidence shows exploitation began as early as September 10, 2025, giving attackers an ...

    Read More »
  • SonicWall SMA100 Update Eradicates Rootkit Malware
    September 24, 2025
    80%

    SonicWall SMA100 Update Eradicates Rootkit Malware

    SonicWall has released a critical firmware update for its SMA 100 series appliances that can eradicate the OVERSTEP rootkit malware, which enables persistent unauthorized access and data theft. The update is urgent due to active attacks by threat actor UNC6148, who uses the rootkit to steal sensi...

    Read More »
  • SonicWall SMA 100 Series Now Fights Rootkits
    September 25, 2025
    78%

    SonicWall SMA 100 Series Now Fights Rootkits

    SonicWall has released a critical firmware update for its SMA 100 series to scan for and remove the OVERSTEP rootkit, patching vulnerabilities like CVE-2024-38475 in response to a sophisticated attack by threat group UNC6148. The attack involved using stolen credentials to gain unauthorized acces...

    Read More »
  • Microsoft Exchange Vulnerability Threatens Hybrid Cloud Security
    August 9, 2025
    75%

    Microsoft Exchange Vulnerability Threatens Hybrid Cloud Security

    A critical Microsoft Exchange vulnerability (CVE-2025-53786, CVSS 8.0) threatens hybrid cloud environments, enabling privilege escalation across on-premises and cloud systems with minimal detection. Microsoft urges immediate action, including applying April 2025 updates and reconfiguring authenti...

    Read More »
  • Millions of Cisco Devices Hit by Active 0-Day Attack
    September 25, 2025
    60%

    Millions of Cisco Devices Hit by Active 0-Day Attack

    A critical vulnerability (CVE-2025-20352) affects approximately two million Cisco devices, allowing attackers to crash systems or execute malicious code with the highest privileges. The flaw is a stack overflow bug in the SNMP processing component and is being actively exploited, prompting Cisco ...

    Read More »
  • Cisco Patches Critical Zero-Day Flaw Actively Under Attack
    September 26, 2025
    45%

    Cisco Patches Critical Zero-Day Flaw Actively Under Attack

    Cisco has released critical security patches for 14 vulnerabilities in its IOS and IOS XE software, including a high-severity flaw (CVE-2025-20352) that has been actively exploited as a zero-day. The vulnerability is a stack overflow in the SNMP subsystem, affecting a wide range of devices, and c...

    Read More »

Related Topics

cybersecurity threats (37) remote code execution (35) privilege escalation (31) vulnerability exploitation (22) zero-day exploit (6) firmware update (4) cve-2025-20352 (3) cisco ios (3)