FreeScout vulnerability enables unauthenticated, zero-click RCE via email (CVE-2026-28289)
A newly discovered vulnerability (CVE-2026-28289) in the open-source help desk platform FreeScout could allow attackers to take over vulnerable servers by sending a specially …
Hackers probe, exploit newly patched BeyondTrust RCE flaw (CVE-2026-1731)
Attackers are exploiting a recently patched critical vulnerability (CVE-2026-1731) in internet-facing BeyondTrust Remote Support and Privileged Remote Access instances. …
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be …
PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155)
A critical vulnerability (CVE-2025-64155) in Fortinet’s FortiSIEM security platform has now been accompanied by publicly released proof-of-concept (PoC) exploit code, raising …
PoC released for unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258)
Trend Micro has released a critical patch fixing several remotely exploitable vulnerabilities in Apex Central (on-premise), including a flaw (CVE-2025-69258) that may allow …
Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits
Malware peddlers are targeting infosec enthusiasts, budding security professionals, and aspiring hackers with the Webrat malware, masquerading the threat as proof-of-concept …
Public PoC exploit for 7-Zip vulnerability is available (CVE-2025-11001)
NHS England Digital, the technology arm of the publicly-funded health service for England, has issued a warning about a 7-Zip vulnerability (CVE-2025-11001) being exploited by …
A suspected Fortinet FortiWeb zero-day is actively exploited, researchers warn
A suspected (but currently unidentified) zero-day vulnerability in Fortinet FortiWeb is being exploited by unauthenticated attackers to create new admin accounts on …
PoC code drops for remotely exploitable BIND 9 DNS flaw (CVE-2025-40778)
A high-severity vulnerability (CVE-2025-40778) affecting BIND 9 DNS resolvers could be leveraged by remote, unauthenticated attackers to manipulate DNS entries via cache …
CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073)
CVE-2025-33073, a Windows SMB Client vulnerability that Microsoft fixed in June 2025, is being exploited by attackers. The confirmation comes from the Cybersecurity and …
Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371)
CVE-2025-11371, an unauthenticated Local File Inclusion vulnerability in Gladinet CentreStack and Triofox file-sharing and remote access platforms, is being exploited by …
Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384)
CVE-2025-48384, a recently patched vulnerability in the popular distributed revision control system Git, is being exploited by attackers. Details about the attacks are not …
Featured news
Resources
Don't miss
- Microsoft patches 80+ vulnerabilities, six flagged as “more likely” to be exploited
- Cloud-audit: Fast, open-source AWS security scanner
- Zero trust, zero buzzwords: Here’s what it means
- HR, recruiters targeted in year-long malware campaign
- Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts