A critical vulnerability has been discovered in MongoDB that allows a remote attacker to access uninitialized server memory without any form of authentication. Assigned the identifier CVE-2025-14847, the flaw carries a CVSS score of...
Fortinet has warned administrators that real-world attacks are once again exploiting the vulnerability FG-IR-19-283 (CVE-2020-12812), first disclosed in July 2020. Under certain FortiGate configurations, the flaw allows attackers to bypass two-factor authentication and log...
Security researchers uncovered several vulnerabilities in Eurostar’s public chatbot, demonstrating that a “modern” LLM interface can fail for exactly the same reasons as traditional web services: weak server-side data binding, missing validation, and blind...
Commercial robots have proved far less secure than many assume. Security researchers are increasingly demonstrating that certain machines can be taken over in a matter of minutes, and that flaws in software logic can...
A critical vulnerability in the globally used workflow automation platform n8n allows attackers to execute arbitrary code remotely. Tracked as CVE-2025-68613, the flaw carries an exceptionally high CVSS score of 9.9 out of 10....
OpenAI has released a security update for ChatGPT Atlas, a browser equipped with a built-in “agent mode” that can browse the web and act within it almost like a human—clicking, typing, and carrying out...
WatchGuard has warned customers of a critical vulnerability in its Firebox firewalls that is already being actively exploited in real-world attacks. The flaw is a remote code execution vulnerability that allows attackers to seize...
Researchers have uncovered a vulnerability in the UEFI firmware implementations used on motherboards from several major manufacturers, including ASUS, Gigabyte, MSI, and ASRock. The flaw affects the earliest stage of system boot and enables...
A newly discovered vulnerability in FreeBSD components responsible for IPv6 configuration allows an attacker on the same local network to remotely execute arbitrary code on a target system. The flaw affects all supported versions...
Cisco has warned that threat actors are already exploiting a critical vulnerability in its widely deployed products, one that enables a complete takeover of affected systems, and that no patch was available at the...
Arctic Wolf reports the first confirmed intrusions into customer networks in which attackers logged into FortiGate devices via FortiCloud SSO shortly after the disclosure of two critical authentication-bypass vulnerabilities—CVE-2025-59718 and CVE-2025-59719. According to the...
Cymulate Research Labs has uncovered a local privilege escalation vulnerability in Microsoft Windows Admin Center (WAC) version 2.4.2.1, affecting all WAC installations up to version 2411. The issue stems not from an obscure logic...
