Hackers have begun actively exploiting a critical vulnerability in Adobe Commerce and Magento Open Source platforms, despite the issue having been officially patched last month. Over the past 24 hours, more than 250 attack...
A novel vulnerability was discovered in Microsoft 365 Copilot that permitted covert exfiltration of user data via an innocuous-looking Mermaid flowchart. The flaw lay in Copilot’s handling of a specially crafted document: the assistant...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly discovered flaw in the Windows SMB component to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-33073, stems from an...
A critical vulnerability in the WatchGuard Fireware operating system allows attackers to execute arbitrary code on affected devices without prior authentication. The flaw impacts VPN services using the IKEv2 protocol, both for mobile user...
Developers using the Cursor and Windsurf IDEs are currently exposed to exploitation through at least 94 known vulnerabilities in Chromium and its JavaScript engine, V8. Both environments are built on outdated versions of Electron...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that a vulnerability in the Windows SMB protocol, identified as CVE-2025-33073, is already being actively exploited in real-world attacks. Classified as a...
A total of 269,000 F5 BIG-IP devices have been found exposed to remote access on the internet, despite the company’s recent admission of a large-scale compromise of its infrastructure. The discovery was made by...
Since the disclosure of two critical vulnerabilities in 7-Zip, the situation has escalated sharply: functional proof-of-concept exploits are now publicly available that reproduce attacks by altering extraction paths and injecting arbitrary files. This elevates...
The Google Project Zero team has disclosed a critical vulnerability in the Dolby DDPlus Unified Decoder that permits remote arbitrary code execution on Android devices without any user interaction. Tracked as CVE-2025-54957, the flaw...
The Asterisk development team has announced the release of Asterisk 23.0.0, now available for download on GitHub and the project’s official website. The new version addresses numerous user-reported bugs and introduces several enhancements aimed...
Microsoft has patched a critical vulnerability in the Kestrel web server for ASP.NET Core, tracked as CVE-2025-55315. Classified as an HTTP Request Smuggling flaw, it enables an authenticated attacker to “inject” additional requests into...
Researchers at VUSec have unveiled Training Solo, a study that calls into question the very foundations of defenses against Spectre-v2 attacks. Where isolation of prediction domains was long believed to eliminate the possibility of...
