In recent days it has become apparent that FortiWeb had been accumulating issues the manufacturer chose not to disclose in advance. After Fortinet acknowledged active exploitation of the critical vulnerability CVE-2025-64446 — which allows...
A recently disclosed vulnerability in the 7-Zip archiver is already being weaponized in real-world attacks, according to a statement from NHS England Digital. The notice underscores that the flaw affects a widely used archival...
A new wave of attacks targeting infrastructure built around modern machine-learning systems has been uncovered by the Oligo Security team. Researchers found that a group of threat actors has launched a large-scale operation, dubbed...
Google has released new updates for the Chrome browser amid yet another wave of attacks exploiting a flaw in the V8 engine. The company confirmed that one of the vulnerabilities is already being weaponized...
ASUS has released new firmware addressing a critical authentication-bypass vulnerability affecting several DSL-series home routers. Catalogued as CVE-2025-59367, the flaw allows a remote attacker to access the device without any credentials whatsoever. The attack...
WiFi 7, the latest generation of wireless networking, promises breathtaking speeds and far greater stability — yet it also brings an unfamiliar set of technical subtleties. Home routers are shifting to triple-band configurations, and...
The recent surge in activity surrounding an XWiki vulnerability underscores how swiftly weaknesses in widely used platforms can be transformed into launchpads for large-scale attacks. The unfolding pattern makes clear that once the first...
Logitech has informed the U.S. Securities and Exchange Commission (SEC) that it experienced unauthorized data exfiltration as a result of a previously unknown vulnerability in third-party software. The incident involved targeted access to a...
A serious issue has been uncovered in the digital photo-frame market: Android-based devices sold under the Uhale brand are downloading malicious components during system startup and contain a series of critical vulnerabilities that allow...
A flaw has been uncovered in the Linux-hosting ecosystem: the ImunifyAV malware scanner has been found vulnerable to remote code execution (RCE). The issue affects the AI-Bolit component embedded within Imunify360, the paid ImunifyAV+,...
In its November Patch Tuesday release, Microsoft addressed 63 vulnerabilities, including a critical zero-day flaw that had already been exploited in the wild. This month’s patches span a broad spectrum of Windows components and...
OWASP has updated its list of the most critical risks for web applications, introducing two new categories and revising the structure of its ranking. The organization has published a draft of the 2025 edition,...
