Please turn on your JavaScript for this page to function normally.
SentinelOne
Trump orders revocation of security clearances for Chris Krebs, SentinelOne

Update: April 17, 09:56 AM – Chris Krebs stepped away from his position at SentinelOne. US President Donald Trump has signed an Executive Order on Wednesday to revoke …

Fortinet
FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887)

Fortinet has released patches for flaws affecting many of its products, among them a critical vulnerability (CVE-2024-48887) in its FortiSwitch appliances that could allow …

WhatsApp
WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401)

WhatsApp users are urged to update the Windows client app to plug a serious security vulnerability (CVE-2025-30401) that may allow attackers to trick users into running …

CentreStack
RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406)

A critical RCE vulnerability (CVE-2025-30406) affecting the Gladinet CentreStack file-sharing/remote access platform has been added to CISA’s Known Exploited …

Patch Tuesday
Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824)

April 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 120+ vulnerabilities, including a zero-day (CVE-2025-29824) that’s under active attack. …

WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334)

WinRAR users, upgrade your software as soon as possible: a vulnerability (CVE-2025-31334) that could allow attackers to bypass Windows’ Mark of the Web (MotW) security …

Ivanti
Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)

A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances …

Cisco
Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439)

CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA has confirmed on Monday by adding the …

Phishing
Phishers are increasingly impersonating electronic toll collection companies

Steam was the most imitated brands by phishers in the first quarter of 2025, followed by Microsoft and Facebook/Meta, Guardio researchers have revealed. “Historically, …

Gmail
Google is making sending end-to-end encrypted emails easy

Sending end-to-end encrypted (E2EE) emails from Gmail enterprise accounts is about to become much easier than it is now, Google has announced on Tuesday. The company will …

Europe
North Korean IT workers set their sights on European organizations

North Korean IT workers are expanding their efforts beyond the US, and are seeking to fraudulently gain employment with organizations around the world, but most especially in …

CrushFTP
Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)

Exploitation attempts targeting the CVE-2025-2825 vulnerability on internet-facing CrushFTP instances are happening, the Shadowserver Foundation has shared on Monday, and the …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools