PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155)
A critical vulnerability (CVE-2025-64155) in Fortinet’s FortiSIEM security platform has now been accompanied by publicly released proof-of-concept (PoC) exploit code, raising …
PoC released for unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258)
Trend Micro has released a critical patch fixing several remotely exploitable vulnerabilities in Apex Central (on-premise), including a flaw (CVE-2025-69258) that may allow …
Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits
Malware peddlers are targeting infosec enthusiasts, budding security professionals, and aspiring hackers with the Webrat malware, masquerading the threat as proof-of-concept …
Public PoC exploit for 7-Zip vulnerability is available (CVE-2025-11001)
NHS England Digital, the technology arm of the publicly-funded health service for England, has issued a warning about a 7-Zip vulnerability (CVE-2025-11001) being exploited by …
A suspected Fortinet FortiWeb zero-day is actively exploited, researchers warn
A suspected (but currently unidentified) zero-day vulnerability in Fortinet FortiWeb is being exploited by unauthenticated attackers to create new admin accounts on …
PoC code drops for remotely exploitable BIND 9 DNS flaw (CVE-2025-40778)
A high-severity vulnerability (CVE-2025-40778) affecting BIND 9 DNS resolvers could be leveraged by remote, unauthenticated attackers to manipulate DNS entries via cache …
CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073)
CVE-2025-33073, a Windows SMB Client vulnerability that Microsoft fixed in June 2025, is being exploited by attackers. The confirmation comes from the Cybersecurity and …
Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371)
CVE-2025-11371, an unauthenticated Local File Inclusion vulnerability in Gladinet CentreStack and Triofox file-sharing and remote access platforms, is being exploited by …
Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384)
CVE-2025-48384, a recently patched vulnerability in the popular distributed revision control system Git, is being exploited by attackers. Details about the attacks are not …
Adobe patches critical Adobe Experience Manager Forms vulnerabilities with public PoC
Adobe has released an emergency security update for Adobe Experience Manager Forms on Java Enterprise Edition (JEE), which fix two critical vulnerabilities (CVE-2025-54253, …
Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257)
With two proof-of-concept (PoC) exploits made public late last week, CVE-2025-25257 – a critical SQL command injection vulnerability in Fortinet’s FortiWeb web …
Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812)
Threat actors are actively exploiting a recently fixed remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server, security researchers have warned. Wing FTP …
Featured news
Resources
Don't miss
- Security work keeps expanding, even with AI in the mix
- Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281)
- Google disrupts proxy network used by 550+ threat groups
- eScan AV users targeted with malicious updates
- Google agrees to pay $135 million over Android data harvesting claims