A critical vulnerability has been unearthed in a ubiquitous WordPress backup plugin, facilitating the unauthorized seizure of websites without the necessity of authentication. This security flaw afflicts the WPvivid Backup & Migration extension, a...
The Microsoft Defender threat intelligence team has documented a series of substantiated offensives targeting internet-facing SolarWinds Web Help Desk instances. Adversaries weaponized these vulnerable help desk servers as a primary point of ingress, subsequently...
The n8n workflow automation platform is once again embroiled in a significant security crisis. In a recently disseminated advisory, the developers disclosed a critical vulnerability that, if successfully weaponized, permits the execution of arbitrary...
A critical Remote Code Execution (RCE) vulnerability has been unearthed within the enterprise solution Quest KACE Desktop Authority, a platform widely utilized for the centralized administration of Windows workstations. The software instantiates an agent...
Threat actors persist in exploiting a critical vulnerability within VMware vCenter Server, notwithstanding the fact that the remediating patch was disseminated over a year ago. Broadcom has substantiated that this flaw is currently being...
Although telnet appeared to have receded into the shadows of antiquity alongside modems and dial-up, it has unexpectedly emerged as the font of a severe vulnerability. A flaw has been unearthed within GNU InetUtils...
A critical vulnerability within the SmarterMail mail server software, remediated by an update on January 15, was observed being actively weaponized by cyber-adversaries a mere forty-eight hours after the patch’s dissemination. This development was...
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a formal advisory regarding the active exploitation of a critical vulnerability within HPE OneView, the integrated IT infrastructure management solution by Hewlett Packard Enterprise. Designed...
A critical vulnerability in the globally used workflow automation platform n8n allows attackers to execute arbitrary code remotely. Tracked as CVE-2025-68613, the flaw carries an exceptionally high CVSS score of 9.9 out of 10....
Attackers are actively exploiting a newly discovered zero-day vulnerability in Gogs—a widely used self-hosted Git service—for which no official patch has yet been released. According to Wiz, the ongoing campaign has already compromised more...
DCOMRunAs instantiates COM objects in the session of a logged-on user on a remote machine. By targeting a COM object subject to DLL hijacking and dropping a custom DLL at that path, the payload...
A recently disclosed vulnerability in the 7-Zip archiver is already being weaponized in real-world attacks, according to a statement from NHS England Digital. The notice underscores that the flaw affects a widely used archival...
