Adversaries initiated a targeted reconnaissance campaign against vulnerable PraisonAI nodes less than four hours following the public disclosure of a critical security defect. An automated scanning entity identifying as CVE-Detector/1.0 launched offensives against exposed...
WordPress websites have once again fallen under siege due to a critical flaw in a popular extension. On this occasion, adversaries have targeted Burst Statistics—an analytics plugin deployed across approximately 200,000 web resources. The...
The Cybersecurity and Infrastructure Security Agency (CISA) of the United States has concurrently appended a triad of vulnerabilities to its Known Exploited Vulnerabilities catalog—a repository exclusively reserved for security aberrations actively weaponized by digital...
A critical vulnerability has been unearthed within the widely utilized Java authentication library, pac4j-jwt, empowering a malicious actor to masquerade as any system user, administrators included. This severe flaw has been designated the identifier...
A critical vulnerability has been unearthed within a ubiquitous component of supercomputing clusters, having resided surreptitiously within the source code for nearly two decades. This flaw empowers a local adversary to exfiltrate the secret...
A critical vulnerability within the Teleport remote access framework has been unearthed and meticulously deconstructed, revealing a methodology to circumvent authentication and gain entry to protected nodes without valid credentials. A security researcher has...
Cybersecurity specialists at Arctic Wolf have identified a nascent wave of incursions targeting Fortinet FortiGate firewalls. Adversaries are orchestrating a mass recalibration of device configurations to secure unauthorized access and establish systemic persistence within...
A critical vulnerability within the SmarterMail mail server software, remediated by an update on January 15, was observed being actively weaponized by cyber-adversaries a mere forty-eight hours after the patch’s dissemination. This development was...
Arctic Wolf reports the first confirmed intrusions into customer networks in which attackers logged into FortiGate devices via FortiCloud SSO shortly after the disclosure of two critical authentication-bypass vulnerabilities—CVE-2025-59718 and CVE-2025-59719. According to the...
A critical vulnerability has been discovered in the popular WordPress theme Service Finder, allowing attackers to gain unauthorized access to any account on affected websites — including administrative ones. The issue stems from the...
Base44, a widely used platform for AI-assisted application development, was recently found to be critically vulnerable due to a glaring misconfiguration in its authentication system. The flaw allowed malicious actors to gain unrestricted access...
In mid-July, cybersecurity experts at Kaspersky Lab reported a widespread campaign targeting on-premises Microsoft SharePoint servers across the globe. The exploit chain, dubbed ToolShell, enables attackers to gain full control over vulnerable systems by...
