Gladinet has released a security update for its enterprise CentreStack solution that remedies a local file inclusion (LFI) vulnerability, CVE-2025-11371 (CVSS 6.2). Attackers have been actively exploiting this flaw as a zero-day since late...
The U.S. cybersecurity agency CISA has added a critical, actively exploited flaw in Adobe Experience Manager to its Known Exploited Vulnerabilities catalog: a configuration vulnerability, CVE-2025-54253, rated as a CVSS 10, which permits arbitrary...
Researchers at Trend Micro have documented a large-scale operation codenamed ZeroDisco, in which attackers weaponized a critical flaw in Cisco’s SNMP implementation (CVE-2025-20352, CVSS 9.0) to implant rootkits and execute arbitrary code on network...
Yesterday, Microsoft released its traditional October security update, addressing 172 vulnerabilities across its products. The patch includes six dangerous zero-day flaws and eight critical vulnerabilities — five enabling remote code execution, and three allowing...
A critical vulnerability has been discovered in AMD’s SEV-SNP hardware protection architecture — widely deployed by major cloud providers such as AWS, Microsoft Azure and Google Cloud — that allows a malicious hypervisor to...
The Microsoft Edge Security Team has introduced sweeping changes to the operation of Internet Explorer Mode after confirming a series of targeted cyberattacks exploiting its legacy components. Experts discovered that malicious actors had been...
The market has begun to see the emergence of the first truly functional solutions that harness artificial intelligence to detect vulnerabilities in source code. This new generation of AI-SAST systems — often referred to...
Analysts at Huntress have detected active exploitation attempts targeting a newly discovered vulnerability in CentreStack and TrioFox products by Gladinet. Tracked as CVE-2025-11371, the flaw is classified as a Local File Inclusion (LFI) vulnerability...
Researchers at FireTail have discovered the resurrection of an old-class flaw — ASCII Smuggling — now resurfacing in a modern guise capable of subverting contemporary artificial-intelligence systems. In September 2025, the team evaluated a...
Two critical vulnerabilities discovered in the 7-Zip archiver allowed remote execution of arbitrary code when processing ZIP files. The flaws stemmed from how the program handled symbolic links within archives, enabling attackers to traverse...
In June 2025, a researcher operating under the pseudonym rick disclosed a critical vulnerability in GitHub Copilot dubbed CamoLeak, rated CVSS 9.6. The flaw enabled an attacker to surreptitiously exfiltrate sensitive information and source...
Wiz researchers have recently disclosed a critical vulnerability in Redis affecting version 8.2.1 and earlier releases. Tracked as CVE-2025-49844 with a CVSS score of 10, the flaw stems from unsafe memory handling during the...
