The Australian government has issued a warning about active cyberattacks targeting unprotected Cisco IOS XE devices used across corporate and government networks. According to the Australian Signals Directorate (ASD), attackers continue to infect routers...
Since the disclosure of two critical vulnerabilities in 7-Zip, the situation has escalated sharply: functional proof-of-concept exploits are now publicly available that reproduce attacks by altering extraction paths and injecting arbitrary files. This elevates...
Researchers from WatchTowr Labs have reported active exploitation of a critical vulnerability in Fortra’s GoAnywhere MFT file transfer management system. Tracked as CVE-2025-10035, the flaw stems from a deserialization bug in the License Servlet...
Researcher Nicholas Zubriski of Trend Research has disclosed a critical flaw in the ksmbd component of the Linux kernel, enabling attackers to remotely execute arbitrary code with the highest system privileges. The vulnerability, tracked...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about two distinct malware frameworks uncovered within the network of an unnamed organization, following the exploitation of newly disclosed vulnerabilities in Ivanti...
Researchers from Doyensec, together with an independent author known as BitsByWill, have publicly demonstrated a working exploitation chain that enables remote execution of code in the Linux kernel via KSMBD — the in-kernel SMB3...
SAP has addressed two critical vulnerabilities in the NetWeaver Java application server that could allow attackers to execute arbitrary code and fully compromise affected systems. The security updates, released in September 2025, remediate CVE-2025-42922...
Researchers at Oligo Security have uncovered a vulnerability in Apple CarPlay that enables remote code execution with root privileges, granting attackers full control over a vehicle’s multimedia system. The flaw, registered as CVE-2025-24132, resides...
A critical vulnerability has been identified in Apache Jackrabbit, exposing systems to remote code execution and the potential compromise of corporate infrastructure. Tracked as CVE-2025-58782, the flaw impacts two key components — Jackrabbit Core...
Penelope is a powerful shell handler built as a modern netcat replacement for RCE exploitation, aiming to simplify, accelerate, and optimize post-exploitation workflows. Features Session Features Description Unix with Python>=2.3 Unix without Python>=2.3 Windows...
A critical vulnerability, CVE-2025-42957, has been identified in SAP S/4HANA, carrying a near-maximum CVSS score of 9.9. The flaw enables users with only minimal privileges to execute arbitrary code, effectively granting them full control...
TP-Link has confirmed the existence of a new zero-day vulnerability affecting several of its router models. The flaw was first identified by an independent security researcher operating under the alias Mehrun (ByteRay), who reported...
