Researchers from WatchTowr Labs have reported active exploitation of a critical vulnerability in Fortra’s GoAnywhere MFT file transfer management system. Tracked as CVE-2025-10035, the flaw stems from a deserialization bug in the License Servlet...
Researcher Nicholas Zubriski of Trend Research has disclosed a critical flaw in the ksmbd component of the Linux kernel, enabling attackers to remotely execute arbitrary code with the highest system privileges. The vulnerability, tracked...
Supermicro server motherboards contain critical vulnerabilities in their Baseboard Management Controller (BMC): researchers at Binarly discovered a way to install malicious firmware that executes before the operating system and is effectively irreversible. Reportedly, one...
A critical vulnerability, CVE-2025-10184, has been identified in the OxygenOS operating system used on OnePlus smartphones, allowing any application on the device to read the contents of SMS messages and related metadata without requesting...
Cisco has released security updates addressing a zero-day in IOS and IOS XE that is already being exploited in the wild. CVE-2025-20352 is a stack-based buffer-overflow in the SNMP subsystem that affects any device...
Researchers at the University of Waterloo have demonstrated that even when encryption is employed, the actions of robotic assistants can be inferred with near-perfect accuracy. Their study revealed that by analyzing network traffic, it...
Researchers from VUSec, together with engineers at Google, have published a detailed account of a newly identified chain of vulnerabilities and the exploit known as “L1TF Reloaded,” which targets Intel processors from the Skylake...
Researchers at SPLX have demonstrated that ChatGPT can be deceived with carefully crafted prompts and compelled to solve CAPTCHA tests — a task long considered the exclusive domain of humans. This experiment casts doubt...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about two distinct malware frameworks uncovered within the network of an unnamed organization, following the exploitation of newly disclosed vulnerabilities in Ivanti...
OpenAI has patched a critical vulnerability known as ShadowLeak, which allowed its cloud-based agent Deep Research to silently siphon personal data from connected sources and exfiltrate it to external servers—even without the victim opening...