Topic: vulnerability exploitation
- FortiGate Firewalls Under Attack: Critical Auth Bypass Exploited
Attackers are actively exploiting a critical Fortinet firewall vulnerability (CVE-2025-59718) to bypass authentication and steal sensitive network configuration files containing encrypted credentials. The flaw, along with a related one (CVE-2025-59719), stems from improper cryptographic signature...
- Fancy Bear Targets Ukraine, EU with Microsoft Office Flaw
The Russian-linked cyber group Fancy Bear is exploiting a critical Microsoft Office vulnerability (CVE-2026-21509) to target Ukrainian and EU organizations, deploying malware via malicious documents. The campaign uses a sophisticated attack chain involving COM hijacking and the Covenant C2 framew...
- Google: Cloud Breaches Driven More by Flaws Than Weak Passwords
Exploiting software vulnerabilities has replaced weak passwords as the primary method for breaching cloud environments, accounting for nearly 45% of intrusions as attackers rapidly weaponize new flaws. The window for exploiting disclosed vulnerabilities has collapsed to mere days, with attackers ...
- CISA Warns: BeyondTrust RCE Flaw Actively Exploited by Ransomware
A critical, unauthenticated remote code execution flaw (CVE-2026-1731) in BeyondTrust's remote support software is being actively exploited by ransomware groups, prompting urgent federal warnings. The vulnerability was a zero-day threat exploited before public disclosure, and its inclusion in CIS...
- Hackers Actively Exploit Critical BeyondTrust RCE Flaw
A critical command injection vulnerability (CVE-2026-1731) in BeyondTrust's remote access software is being actively exploited, allowing unauthenticated attackers to run arbitrary commands on unpatched systems. Threat intelligence confirms widespread scanning and exploitation, with attackers abus...
- SolarWinds Help Desk Flaw Under Active Attack
A critical vulnerability (CVE-2025-40551) in SolarWinds Web Help Desk is under active attack, allowing unauthenticated attackers to execute remote code and gain administrative control, prompting urgent patching orders from US authorities. The flaw is one of four critical vulnerabilities, all with...
- One Click Triggered a Stealthy Copilot Attack
A critical vulnerability in Microsoft's Copilot AI was patched, which could have allowed attackers to steal sensitive user data like name, location, and chat history with just a single click. The exploit tricked Copilot by using a malicious link with a disguised prompt, causing the AI to autonomo...
- Exploit Alert: Actively Targeted HPE OneView Flaw (CVE-2025-37164)
A critical, actively exploited vulnerability (CVE-2025-37164) in HPE OneView allows unauthenticated remote code execution, prompting urgent patching. The flaw is especially dangerous because the management platform holds deep network access and broad control over servers and firmware, making it a...
- WatchGuard Firewalls Hacked, Fake PoCs Target Security Pros
Critical vulnerabilities in widely used firewalls like WatchGuard are being actively exploited, requiring immediate patching to prevent network breaches. Threat actors are deploying sophisticated social engineering, such as malware disguised as exploit code, and leveraging darknet AI assistants t...
- Cisco Zero-Day Exploited, Kali Linux 2025.4 Released
A critical zero-day vulnerability in Cisco's email security appliances is being actively exploited by a suspected Chinese-nexus group to compromise devices and erase logs, highlighting urgent patch management needs. Major vendors like Fortinet, SonicWall, and Apple are addressing serious, activel...
- New Gladinet Triofox Flaw Exploited by Attackers (CVE-2025-12480)
A critical security flaw (CVE-2025-12480) in Gladinet Triofox allows unauthenticated attackers to bypass access controls and gain administrative privileges, which has been exploited by the threat group UNC6485 since late August 2025. Attackers used an HTTP Host header attack to access the configu...
- Triofox Hack: Critical File-Sharing Flaw Exploited
A critical security vulnerability (CVE-2025-12480) in Gladinet's Triofox platform allows attackers to execute malicious code by exploiting improper access control and manipulating the antivirus feature, affecting versions prior to 16.7.10368.56560. The exploitation campaign, tracked as UNC6485, b...
- Urgent: Critical Web Panel Flaw Actively Exploited (CVE-2025-48703)
A critical security vulnerability (CVE-2025-48703) in Control Web Panel (CWP) is being actively exploited, posing a severe threat to web hosting environments and prompting its addition to CISA's Known Exploited Vulnerabilities catalog. The flaw is an OS command injection that allows unauthenticat...
- Zero-Day Attack Exploits Lanscope Endpoint Manager Flaw
A critical zero-day vulnerability (CVE-2025-61932) in Lanscope Endpoint Manager is being actively exploited, primarily targeting Japanese customers since April 2025. The flaw affects on-premises versions up to 9.4.7.1, allowing attackers to execute arbitrary code via TCP port 443, while the cloud...
- Windows SMB Flaw Exploited, OAuth Apps Hijacked
Digital security faces escalating threats including active exploitation of critical Windows SMB and WSUS vulnerabilities, alongside attackers hijacking trusted OAuth applications to create persistent cloud backdoors. The attack surface is expanding dramatically as interconnected systems link oper...
- Active Attack Exploits Critical Adobe Commerce, Magento Flaw
Security researchers have identified active exploitation of a critical Adobe Commerce and Magento vulnerability (CVE-2025-54236, SessionReaper), which allows attackers to hijack customer accounts and potentially execute remote code, with over 250 attack attempts blocked in a single day. The vulne...
- Hackers Exploit Critical Oracle Flaw, CISA Confirms
CISA has added the critical Oracle E-Business Suite vulnerability CVE-2025-61884 to its Known Exploited Vulnerabilities catalog, confirming active exploitation and mandating federal agencies to patch by November 10, 2025. The vulnerability is an unauthenticated server-side request forgery (SSRF) ...
- Urgent: Active Attacks Target Unpatched Gladinet Flaw (CVE-2025-11371)
A critical unauthenticated Local File Inclusion vulnerability (CVE-2025-11371) is actively being exploited, allowing attackers to remotely access any file on systems using Gladinet's CentreStack and Triofox platforms without credentials. Security researchers at Huntress confirmed real-world attac...
- Urgent: CISA Warns of Active Attacks on Critical Adobe Flaw
CISA has issued a critical alert about active exploitation of a maximum-severity vulnerability (CVE-2025-54253) in Adobe Experience Manager, allowing attackers to execute malicious code on unpatched systems. The flaw, discovered by security researchers, enables unauthenticated attackers to bypass...
- Fortra GoAnywhere MFT Zero-Day Actively Exploited
A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT was exploited for over a week before a patch was released on September 18, 2025, allowing attackers to achieve remote code execution. The flaw, a deserialization vulnerability with a CVSS score of 10.0, enabled threat actors to ...
- Fortra GoAnywhere Zero-Day Exploited: Critical Flaw CVE-2025-10035
A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere platform, scoring 10.0 in severity, was exploited in zero-day attacks due to a deserialization flaw, with patches released on September 15, 2025. Evidence shows exploitation began as early as September 10, 2025, giving attackers an ...
- DELMIA Factory Software Under Active Attack: Critical Vulnerability Exploited
A critical vulnerability (CVE-2025-5086) in DELMIA Apriso manufacturing software is being actively exploited, posing a major risk to global manufacturing sectors. The flaw, with a high CVSS score of 9.0, allows remote code execution and affects all releases from 2020 to 2025, prompting urgent pat...
- 300k+ Plex Servers Still Vulnerable to Attack, Git RCE Exploited
Over 300,000 Plex Media Server systems remain vulnerable to attack due to an unpatched critical flaw, risking media libraries and personal data. Multiple sectors face active threats, including Git systems exploited for remote code execution and NetScaler devices targeted via a zero-day vulnerabil...
- Akira Ransomware Actively Exploits Critical SonicWall VPN Flaw
The Akira ransomware group is exploiting CVE-2024-40766, a known vulnerability in SonicWall VPN appliances, to breach unpatched corporate networks. Despite a patch being available since August 2024, incomplete updates and unchanged default credentials allow attackers to bypass security measures l...
- CISA Warns of Active Attacks on 4 Critical Software Flaws
CISA has issued a critical alert, adding four actively exploited software vulnerabilities to its KEV catalog, impacting tools from Versa, Zimbra, Vite, and Prettier. The exploited flaws include an authentication bypass in Versa's SD-WAN platform, a file access bug in the Vite framework, a supply-...
- Fortinet Critical Auth Bypass Flaw Remains Unpatched
A critical Fortinet SSO vulnerability (CVE-2025-59718) is being actively exploited via a bypass of the initial patch, allowing attackers to create unauthorized VPN accounts and steal configurations on fully updated devices. Fortinet has confirmed the attacks and is developing a new patch, while u...
- State Hackers Exploit Most Software Vulnerabilities
State-sponsored hackers were responsible for over half of all attributed software vulnerability exploits in the first half of 2025, primarily targeting critical infrastructure and enterprise systems for espionage rather than financial gain. Chinese state-linked groups dominated these activities, ...
- Bitdefender & NETGEAR: Rising Home Cybersecurity Threats
Modern homes face nearly triple the daily cybersecurity attacks compared to last year, with households averaging 22 connected devices and enduring about 29 attacks daily. Entertainment devices like streaming systems, smart TVs, and IP cameras are the most vulnerable, often unpatched and accountin...
- Coruna Exploit Kit Targets Older iPhones in Multi-Stage Attack
The Coruna toolkit is a sophisticated exploit framework targeting iPhones on iOS 13.0 through 17.2.1, using multiple vulnerabilities to steal sensitive financial information. It has been used by both a suspected Russian cyber-espionage unit in Ukraine and a financially motivated Chinese group, wh...
- Hackers Use SolarWinds Flaws to Deploy DFIR Tool in Attacks
Cybersecurity researchers have identified an active campaign exploiting critical vulnerabilities (CVE-2025-40551 and CVE-2025-26399) in SolarWinds Web Help Desk software to gain unauthorized access and deploy legitimate tools for malicious purposes. Attackers establish persistent control by insta...
- Microsoft Office Patch: Urgent Fix for Russian-State Hackers
A Russian state-linked hacking group (APT28/Fancy Bear) rapidly exploited a critical Microsoft Office vulnerability (CVE-2026-21509) within two days of its patch, compromising diplomatic, transport, and defense organizations in multiple countries. The campaign was exceptionally stealthy, using en...
- Patched FortiGate Firewalls Still Vulnerable to Hacks
A critical Fortinet firewall vulnerability (CVE-2025-59718) persists despite patches, allowing unauthorized admin access via the FortiCloud SSO feature even on the latest software versions. Fortinet is preparing new updates, but the immediate recommendation is to disable the "Allow administrative...
- Windows Kernel Flaw Fixed, Fortinet Zero-Day Exploited
Cybersecurity demands constant vigilance against evolving threats like zero-day exploits and requires organizations to adopt layered defense strategies that combine awareness, collaboration, and resilience. Emerging technologies are reshaping security, with innovations such as touchless Wi-Fi ent...
- Bitdefender & NETGEAR: Rising Threats to Your Connected Home
The average household now contains 22 connected devices and faces nearly 29 daily cyberattacks, a nearly threefold increase from the previous year, highlighting the growing threat to smart homes. Entertainment devices like streaming gadgets, smart TVs, and IP cameras are the most vulnerable, ofte...
- Urgent Windows Update: 2-Week Security Deadline
Microsoft has released urgent security updates addressing two actively exploited zero-day vulnerabilities, with federal agencies mandated to patch within two weeks to prevent system compromise. CVE-2025-59230 is a local privilege escalation flaw in Windows Remote Access Connection Manager, while ...
- Salesforce, CentreStack Hit by Hackers in Zero-Day Attacks
Major platforms like Salesforce and CentreStack have been compromised by zero-day vulnerabilities, underscoring the need for timely patching and robust security measures. Recent incidents include the Cl0p gang exploiting Oracle E-Business Suite flaws and North Korean hackers stealing over $2 bill...
- Phishing Leads EU Cyber Intrusions, ENISA Reports
Phishing was the leading initial attack method in the EU, responsible for 60% of intrusions, with outdated mobile and OT systems being prime targets. DDoS attacks comprised 77% of all incidents, largely driven by hacktivism, but only 2% caused service disruptions, with groups like NoName057(16) e...
- SonicWall VPN Attacks Intensify, MFA Bypassed
A ransomware group named Akira is exploiting SonicWall SSL VPN appliances, primarily through a known vulnerability (CVE-2024-40766), to bypass multi-factor authentication and gain unauthorized access. The attacks are highly automated and rapid, with intruders moving quickly to scan networks and d...
- Chrome 0-Day Patched, npm Attack, LinkedIn AI Data Scandal
A large majority (89%) of enterprise AI usage is undetected by IT and security teams, posing significant data privacy and compliance risks. Security experts emphasize the importance of engineering-driven protection and secure-by-design approaches over mere compliance checkboxes. Emerging threats ...
- Hackers Weaponize Hexstrike-AI to Speed Up Cyberattacks
A new AI-driven tool called Hexstrike-AI, designed for cybersecurity testing, is being misused by threat actors to rapidly exploit vulnerabilities, particularly targeting Citrix NetScaler zero-day flaws. The tool automates complex tasks like reconnaissance, exploit crafting, and payload deploymen...
- Hackers Unleash HexStrike-AI to Exploit n-Day Flaws Faster
AI-powered tools like HexStrike-AI are being repurposed by cybercriminals to automate attacks, drastically reducing the time between vulnerability disclosure and exploitation. These attacks are targeting specific vulnerabilities in Citrix NetScaler appliances, with threat actors achieving remote ...
- Critical FreeScout Flaw: Zero-Click RCE via Email (CVE-2026-28289)
A critical vulnerability (CVE-2026-28289) in FreeScout help desk software allows remote attackers to execute code and take over servers by sending a malicious email, bypassing a previous patch. The flaw exploits a filename validation bypass using a Zero-Width Space character, enabling attackers t...
- BeyondTrust RCE exploited post-patch, United CISO on resilience
Cybersecurity resilience requires proactive continuity and modernization, especially for interconnected organizations facing rapidly exploited vulnerabilities like the BeyondTrust flaw (CVE-2026-1731) and zero-days used in high-stakes breaches. Major software vendors, including Microsoft and Appl...
- SmarterTools Breached by Hackers Exploiting Own Software Flaw
The Warlock ransomware gang breached SmarterTools by exploiting an unpatched SmarterMail server, demonstrating how a single overlooked system can compromise an entire network. Attackers used a specific authentication bypass vulnerability to gain access, moved laterally with Windows tools, but wer...
- Ransomware Attack Hits SmarterMail via Critical Flaw
A ransomware attack on SmarterTools began via an unpatched, employee-created virtual machine running outdated SmarterMail software, which allowed lateral movement into office and data center networks. The breach, attributed to the Warlock group exploiting a known vulnerability, led the company to...
- Notepad++ Supply Chain Attack Exposed: Patch Tuesday Outlook
A sophisticated supply chain attack on Notepad++ by a Chinese state-sponsored group and the exploitation of a Microsoft Office flaw by Russian hackers highlight critical risks in software updates and patch management. Attackers are disabling modern security tools using a decade-old driver, while ...
- Clop Ransomware Strikes Gladinet CentreStack, Steals Data
The Clop ransomware gang is actively targeting businesses using Gladinet CentreStack file-sharing servers by exploiting an unidentified vulnerability to steal sensitive data. Security researchers have identified at least 200 potentially vulnerable servers, and the Clop group has a history of succ...
- RondoDox Botnet Exploits Critical XWiki Server Flaw
The RondoDox botnet malware is actively exploiting a critical remote code execution vulnerability (CVE-2025-24893) in XWiki Platform, as confirmed by U.S. cybersecurity authorities and VulnCheck. This malware uses manipulated HTTP requests to inject and execute malicious code, downloading scripts...
- Zero-Day Attack Hits Gladinet File Sharing Software
A zero-day vulnerability (CVE-2025-11371) in Gladinet's CentreStack and Triofox platforms allows unauthenticated attackers to access sensitive files via Local File Inclusion, with at least three organizations already targeted. Attackers exploit the LFI flaw to retrieve machine keys and chain it w...
- Nation-State Hackers Breach F5, Endangering Thousands of Customers
A nation-state hacking group infiltrated F5's networks, compromising thousands of organizations, including US government agencies and Fortune 500 companies, posing a severe global cybersecurity threat. The attackers maintained undetected access for years, enabling them to steal BIG-IP source code...