CISA looks to partners to shore up the future of the CVE Program
The US Cybersecurity and Infrastructure Security Agency (CISA) has affirmed its continuing support for the Common Vulnerabilities and Exposures (CVE) program. “If we …
NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775) – updated!
Three new vulnerabilities affecting (Citrix) NetScaler application delivery controller (ADC) and Gateway devices have been made public, one of which (CVE-2025-7775) has been …
Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384)
CVE-2025-48384, a recently patched vulnerability in the popular distributed revision control system Git, is being exploited by attackers. Details about the attacks are not …
Vulnerabilities in MSP-friendly RMM solution exploited in the wild (CVE-2025-8875, CVE-2025-8876)
Two vulnerabilities (CVE-2025-8875, CVE-2025-8876) in N-central, a remote monitoring and management (RMM) solution by N-able that’s popular with managed service …
Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786)
“In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the …
It’s time to sound the alarm on water sector cybersecurity
A cyberattack on a water facility can put entire communities and businesses at risk. Even a short disruption in clean water supply can have serious public health and safety …
Microsoft SharePoint servers under attack via zero-day vulnerability (CVE-2025-53770)
This is a developing story, new update here: Microsoft pins on-prem SharePoint attacks on Chinese threat actors Attackers are exploiting a zero-day variant (CVE-2025-53770) of …
SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles
Vulnerabilities affecting the SinoTrack GPS tracking platform may allow attackers to keep tabs on vehicles’ location and even perform actions such as disconnecting power …
NIST proposes new metric to gauge exploited vulnerabilities
NIST has introduced a new way to estimate which software vulnerabilities have likely been exploited, and it’s calling on the cybersecurity community to help improve and …
CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)
A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known …
UK retailers under cyber attack: Co-op member data compromised
UK-based retailers Marks & Spencer, Co-op, and Harrods have been targeted by cyber attackers in the last few weeks. Whether the attacks have been mounted by the same …
Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221)
Attackers have been using two previously known vulnerabilities (CVE-2024-38475, CVE-2023-44221) to compromise SonicWall secure mobile access devices, the vendor has confirmed …
Featured news
Resources
Don't miss
- Building the missing layers for an internet of agents
- What security leaders should watch for when companies buy or sell a business
- Malicious Rust packages targeted Web3 developers
- Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182)
- Smart grids are trying to modernize and attackers are treating it like an invitation