Please turn on your JavaScript for this page to function normally.
SAP
Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999)

A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made …

Fortinet
Brute-force attacks hammer Fortinet devices worldwide

A surge in brute-force attempts targeting Fortinet SSL VPNs that was spotted earlier this month could be a portent of imminent attacks leveraging currently undisclosed …

Fortinet
Fortinet warns about FortiSIEM vulnerability with in-the-wild exploit code (CVE-2025-25256)

Fortinet has released patches for a critical OS command injection vulnerability (CVE-2025-25256) in FortiSIEM, after practical exploit code surfaced in the wild. About …

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088)

The RomCom attackers aren’t the only ones that have been leveraging the newly unveiled WinRAR vulnerability (CVE-2025-8088) in zero-day attacks: according to Russian …

Microsoft SharePoint
Storm-2603 spotted deploying ransomware on exploited SharePoint servers

One of the groups that, in the past few weeks, has been exploiting vulnerabilities in on-prem SharePoint installation has been observed deploying Warlock ransomware, Microsoft …

SharePoint
Microsoft pins on-prem SharePoint attacks on Chinese threat actors

This is a developing story, new update here: Storm-2603 spotted deploying ransomware on exploited SharePoint servers As Microsoft continues to update its customer guidance for …

CrushFTP
Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309)

Unknown attackers have exploited a vulnerability (CVE-2025‑54309) in the CrushFTP enterprise file-transfer server solution to gain administrative access to vulnerable …

Microsoft SharePoint
Microsoft SharePoint servers under attack via zero-day vulnerability (CVE-2025-53770)

This is a developing story, new update here: Microsoft pins on-prem SharePoint attacks on Chinese threat actors Attackers are exploiting a zero-day variant (CVE-2025-53770) of …

Fortinet
Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257)

With two proof-of-concept (PoC) exploits made public late last week, CVE-2025-25257 – a critical SQL command injection vulnerability in Fortinet’s FortiWeb web …

Wing FTP Server
Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812)

Threat actors are actively exploiting a recently fixed remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server, security researchers have warned. Wing FTP …

Netscaler
Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777)

With PoC exploits for CVE-2025-5777 (aka CitrixBleed 2) now public and reports of active exploitation of the flaw since mid-June, you should check whether your Citrix …

mobile spyware
iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200)

A zero-click attack leveraging a freshly disclosed Messages vulnerability (CVE-2025-43200) has infected the iPhones of two European journalists with Paragon’s Graphite …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools