Please turn on your JavaScript for this page to function normally.
NIST
NIST proposes new metric to gauge exploited vulnerabilities

NIST has introduced a new way to estimate which software vulnerabilities have likely been exploited, and it’s calling on the cybersecurity community to help improve and …

Google Chrome
CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)

A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known …

M&S, Coop, Harrods
UK retailers under cyber attack: Co-op member data compromised

UK-based retailers Marks & Spencer, Co-op, and Harrods have been targeted by cyber attackers in the last few weeks. Whether the attacks have been mounted by the same …

SonicWall
Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221)

Attackers have been using two previously known vulnerabilities (CVE-2024-38475, CVE-2023-44221) to compromise SonicWall secure mobile access devices, the vendor has confirmed …

CISA
CISA warns about actively exploited Broadcom, Commvault vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities catalog on Monday, affecting Commvault …

SonicWall
Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)

CVE-2021-20035, an old vulnerability affecting Sonicwall Secure Mobile Access (SMA) 100 series appliances, is being exploited by attackers. Sonicwall confirmed it by updating …

CentreStack
RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406)

A critical RCE vulnerability (CVE-2025-30406) affecting the Gladinet CentreStack file-sharing/remote access platform has been added to CISA’s Known Exploited …

Cisco
Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439)

CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA has confirmed on Monday by adding the …

Ivanti
CISA reveals new malware variant used on compromised Ivanti Connect Secure devices

CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who …

CMS8000 Patient Monitor
Patient monitors with backdoor are sending info to China, CISA warns

Contec CMS8000, a patient monitor manufactured by a Chinese company, and Epsimed MN-120, which is the same monitor but relabeled, exfiltrate patients’ data to a …

vulnerabilities
What 2024 taught us about security vulnerabilties

From zero-day exploits to weaknesses in widely used software and hardware, the vulnerabilities uncovered last year underscore threat actors’ tactics and the critical …

Ivanti
UK domain registry Nominet breached via Ivanti zero-day

The number of internet-facing Ivanti Connect Secure instances vulnerable to attack via CVE-2025-0282 has fallen from 2,048 to 800 in the last four days, the Shadowserver …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools