Active security advisories, CVE alerts, and emerging threat notifications.
A coordinated campaign is targeting organizations using push-based multi-factor authentication, bombarding users with approval requests until they accidentally or deliberately…
Microsoft has disclosed a privilege escalation vulnerability in Exchange Server that allows attackers to relay NTLM credentials and impersonate users.…
A critical remote code execution vulnerability in Apache Struts allows attackers to execute arbitrary commands through manipulated file upload parameters.…
Multiple threat actors are actively exploiting chained vulnerabilities in Ivanti Connect Secure VPN appliances. The vulnerabilities allow unauthenticated remote code…
A maximum severity vulnerability in Cisco IOS XE allows unauthenticated attackers to create admin accounts on affected devices. Over 50,000…
A use-after-free vulnerability in the Linux kernel’s netfilter subsystem allows local attackers to escalate privileges to root. Public exploit code…
A critical authentication bypass vulnerability in FortiOS SSL VPN allows remote attackers to gain super-admin privileges through crafted HTTP requests.…
Multiple WordPress plugins were compromised through stolen developer credentials, with malicious code injected into plugin updates. The backdoors created admin…
A type confusion vulnerability in Chrome’s V8 JavaScript engine allows remote code execution through crafted web pages. The vulnerability has…
A race condition in OpenSSH’s signal handler allows unauthenticated remote code execution as root on glibc-based Linux systems. This is…