A critical vulnerability in the WatchGuard Fireware operating system allows attackers to execute arbitrary code on affected devices without prior authentication. The flaw impacts VPN services using the IKEv2 protocol, both for mobile user...
Developers using the Cursor and Windsurf IDEs are currently exposed to exploitation through at least 94 known vulnerabilities in Chromium and its JavaScript engine, V8. Both environments are built on outdated versions of Electron...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that a vulnerability in the Windows SMB protocol, identified as CVE-2025-33073, is already being actively exploited in real-world attacks. Classified as a...
A total of 269,000 F5 BIG-IP devices have been found exposed to remote access on the internet, despite the company’s recent admission of a large-scale compromise of its infrastructure. The discovery was made by...
Since the disclosure of two critical vulnerabilities in 7-Zip, the situation has escalated sharply: functional proof-of-concept exploits are now publicly available that reproduce attacks by altering extraction paths and injecting arbitrary files. This elevates...
The Google Project Zero team has disclosed a critical vulnerability in the Dolby DDPlus Unified Decoder that permits remote arbitrary code execution on Android devices without any user interaction. Tracked as CVE-2025-54957, the flaw...
The Asterisk development team has announced the release of Asterisk 23.0.0, now available for download on GitHub and the project’s official website. The new version addresses numerous user-reported bugs and introduces several enhancements aimed...
Microsoft has patched a critical vulnerability in the Kestrel web server for ASP.NET Core, tracked as CVE-2025-55315. Classified as an HTTP Request Smuggling flaw, it enables an authenticated attacker to “inject” additional requests into...
Researchers at VUSec have unveiled Training Solo, a study that calls into question the very foundations of defenses against Spectre-v2 attacks. Where isolation of prediction domains was long believed to eliminate the possibility of...
Gladinet has released a security update for its enterprise CentreStack solution that remedies a local file inclusion (LFI) vulnerability, CVE-2025-11371 (CVSS 6.2). Attackers have been actively exploiting this flaw as a zero-day since late...
The U.S. cybersecurity agency CISA has added a critical, actively exploited flaw in Adobe Experience Manager to its Known Exploited Vulnerabilities catalog: a configuration vulnerability, CVE-2025-54253, rated as a CVSS 10, which permits arbitrary...
Researchers at Trend Micro have documented a large-scale operation codenamed ZeroDisco, in which attackers weaponized a critical flaw in Cisco’s SNMP implementation (CVE-2025-20352, CVSS 9.0) to implant rootkits and execute arbitrary code on network...
