The Cybersecurity and Infrastructure Security Agency (CISA) has issued a formal advisory regarding the active exploitation of a critical vulnerability within HPE OneView, the integrated IT infrastructure management solution by Hewlett Packard Enterprise. Designed...
A critical vulnerability in the globally used workflow automation platform n8n allows attackers to execute arbitrary code remotely. Tracked as CVE-2025-68613, the flaw carries an exceptionally high CVSS score of 9.9 out of 10....
Attackers are actively exploiting a newly discovered zero-day vulnerability in Gogs—a widely used self-hosted Git service—for which no official patch has yet been released. According to Wiz, the ongoing campaign has already compromised more...
DCOMRunAs instantiates COM objects in the session of a logged-on user on a remote machine. By targeting a COM object subject to DLL hijacking and dropping a custom DLL at that path, the payload...
A recently disclosed vulnerability in the 7-Zip archiver is already being weaponized in real-world attacks, according to a statement from NHS England Digital. The notice underscores that the flaw affects a widely used archival...
The Australian government has issued a warning about active cyberattacks targeting unprotected Cisco IOS XE devices used across corporate and government networks. According to the Australian Signals Directorate (ASD), attackers continue to infect routers...
Since the disclosure of two critical vulnerabilities in 7-Zip, the situation has escalated sharply: functional proof-of-concept exploits are now publicly available that reproduce attacks by altering extraction paths and injecting arbitrary files. This elevates...
Researchers from WatchTowr Labs have reported active exploitation of a critical vulnerability in Fortra’s GoAnywhere MFT file transfer management system. Tracked as CVE-2025-10035, the flaw stems from a deserialization bug in the License Servlet...
Researcher Nicholas Zubriski of Trend Research has disclosed a critical flaw in the ksmbd component of the Linux kernel, enabling attackers to remotely execute arbitrary code with the highest system privileges. The vulnerability, tracked...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about two distinct malware frameworks uncovered within the network of an unnamed organization, following the exploitation of newly disclosed vulnerabilities in Ivanti...