Since the introduction of serialization through the Marshal module in the Ruby programming language, developers and security experts have been drawn into a protracted game of “bypass and patch.” The history of these vulnerabilities...
Cisco has issued an advisory regarding a critical vulnerability in the RADIUS subsystem of its Secure Firewall Management Center software. Tracked as CVE-2025-20265, the flaw has received the maximum CVSS score of 10.0. It...
Zoom has patched a critical vulnerability in its Windows clients, while Xerox has issued fixes for severe flaws in its FreeFlow Core system. Both issues posed significant threats—ranging from privilege escalation to remote code...
Fortinet has disclosed a critical vulnerability in its FortiSIEM system, already accompanied by a working exploit circulating publicly. The flaw enables a remote, unauthenticated attacker to execute arbitrary commands on the targeted system, making...
Researchers have determined that a critical flaw in the SSH stack implementation of Erlang/Open Telecom Platform had been actively exploited as early as May 2025, with roughly 70% of detections targeting firewalls safeguarding industrial...
Experts at Claroty have uncovered a series of critical vulnerabilities in Axis Communications’ video surveillance product line which, if successfully exploited, could grant an attacker complete control over the affected devices. At risk are...
Critical vulnerabilities have been discovered in the Broadcom ControlVault microchip, a component responsible for storing sensitive data on over a hundred models of Dell laptops. According to Cisco Talos, this cluster of vulnerabilities allows...
Critical vulnerabilities discovered in the NVIDIA Triton Inference Server platform pose a significant threat to the security of AI infrastructure across both Windows and Linux environments. This concerns an open-source solution designed for large-scale...
A critical vulnerability has been discovered in the Squid proxy server, enabling remote execution of arbitrary code. The flaw affects nearly all actively used versions, and given the widespread deployment of Squid, millions of...
A critical vulnerability has been discovered in the Cursor source code editor, an AI-powered tool designed to assist programmers. The flaw, identified as CVE-2025-54135 and dubbed CurXecute, affects nearly all versions of the IDE...
In the autumn of 2024, the InfoSect bug hunting team prepared a remote code execution attack targeting the Synology TC500 IP camera for entry in the Pwn2Own Ireland competition. The exploitation hinged on a...
A critical vulnerability has been discovered in the widely used WordPress theme “Alone — Charity Multipurpose Non-profit”, which is already being exploited by malicious actors to compromise websites. Tracked as CVE-2025-5394, the flaw has...
Researchers at Bitdefender have disclosed two critical vulnerabilities in the firmware of Dahua smart surveillance cameras. These flaws, rooted in the ONVIF protocol implementation and the file upload mechanism, enable attackers to gain full...
A critical vulnerability has been discovered in Google’s newly released command-line interface tool, Gemini CLI, which could allow attackers to covertly execute malicious commands and exfiltrate data from developers’ machines—provided certain commands are permitted...
In mid-July, cybersecurity experts at Kaspersky Lab reported a widespread campaign targeting on-premises Microsoft SharePoint servers across the globe. The exploit chain, dubbed ToolShell, enables attackers to gain full control over vulnerable systems by...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in the widely used print management software, PaperCut NG and MF. The flaw,...
