Hackers have begun actively exploiting a newly disclosed vulnerability in the Windows Server Update Services (WSUS) component. The flaw, tracked as CVE-2025-59287, already has a publicly available proof-of-concept (PoC) exploit, dramatically increasing the likelihood...
Researchers from Team Z3 have withdrawn their planned demonstration of a WhatsApp vulnerability at the Pwn2Own Ireland 2025 hacking competition — an exploit that could have earned them a record $1 million prize. According...
On the second day of Pwn2Own Ireland 2025, participants delivered an impressive display of skill, uncovering 56 new zero-day vulnerabilities and earning a combined total of $792,750 in rewards. This marks the second phase...
The developers of BIND, the world’s most widely used domain name resolution software, have issued a warning about two critical vulnerabilities that allow attackers to tamper with DNS query results and redirect users to...
Hackers have begun actively exploiting a critical vulnerability in Adobe Commerce and Magento Open Source platforms, despite the issue having been officially patched last month. Over the past 24 hours, more than 250 attack...
A novel vulnerability was discovered in Microsoft 365 Copilot that permitted covert exfiltration of user data via an innocuous-looking Mermaid flowchart. The flaw lay in Copilot’s handling of a specially crafted document: the assistant...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly discovered flaw in the Windows SMB component to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-33073, stems from an...
A critical vulnerability in the WatchGuard Fireware operating system allows attackers to execute arbitrary code on affected devices without prior authentication. The flaw impacts VPN services using the IKEv2 protocol, both for mobile user...
Developers using the Cursor and Windsurf IDEs are currently exposed to exploitation through at least 94 known vulnerabilities in Chromium and its JavaScript engine, V8. Both environments are built on outdated versions of Electron...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that a vulnerability in the Windows SMB protocol, identified as CVE-2025-33073, is already being actively exploited in real-world attacks. Classified as a...