The 0patch team has reported that while analyzing CVE-2025-59230 in the Windows Remote Access Connection Manager (RasMan)—a flaw Microsoft addressed with its October 2025 updates—researchers uncovered a working exploit that enables local code execution...
The long-running React2Shell saga—which has continued to disrupt many web projects—has taken another turn: it has emerged that the original fix was incomplete. A deeper review uncovered two additional vulnerabilities in the React Server...
A newly discovered flaw in the Windows Remote Access Connection Manager (RasMan) service allows the operating system to be disrupted without administrative privileges. A free, unofficial fix is already available, while Microsoft prepares its...
Cisco has warned customers of a fresh wave of attacks against its firewalls: adversaries have been striking vulnerable appliances for at least six months, and in early November a new exploitation variant emerged. In...
Researcher Jose Pino unveiled a proof-of-concept for a vulnerability in the Blink rendering engine used by Chromium-based browsers, demonstrating how a single web page can, within seconds, incapacitate numerous popular browsers and halt a...
Researchers at Bitdefender have disclosed two critical vulnerabilities in the firmware of Dahua smart surveillance cameras. These flaws, rooted in the ONVIF protocol implementation and the file upload mechanism, enable attackers to gain full...
As electric vehicles steadily weave themselves into the fabric of everyday life, the essential infrastructure that powers them—charging stations—faces a mounting and deeply concerning threat. A study by security researcher Brandon Perry reveals that...
Citrix has issued a warning regarding a newly discovered critical vulnerability in its NetScaler appliances, which is already being actively exploited in the wild. Tracked as CVE-2025-6543, this flaw affects the widely deployed NetScaler...
The OpenVPN team has issued a warning regarding a vulnerability found in the Windows driver of its VPN client, which could allow malicious actors to crash the system. Catalogued as CVE-2025-50054, the flaw was...