Please turn on your JavaScript for this page to function normally.
Patch Tuesday
Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053)

For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including a zero-day exploited in the wild (CVE-2025-33053). Also, Adobe Commerce and Magento Open Source users …

Metasploit, 2nd Edition
Review: Metasploit, 2nd Edition

If you’ve spent any time in penetration testing, chances are you’ve crossed paths with Metasploit. The second edition of Metasploit tries to bring the book in line with how …

LockBit
LockBit hacked: What does the leaked data show?

The affiliate panel of the infamous LockBit Ransomware-as-a-Service (RaaS) group has been hacked and defaced, showing a link to a MySQL database dump ostensibly containing …

SonicWall
Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819)

SonicWall has fixed multiple vulnerabilities affecting its SMA100 Series devices, one of which (CVE-2025-32819) appears to be a patch bypass for an arbitrary file delete …

SAP
Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324)

CVE-2025-31324, a critical vulnerability in the SAP NetWeaver platform, is being actively exploited by attackers to upload malicious webshells to enable unauthorized file …

CrushFTP
Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)

Exploitation attempts targeting the CVE-2025-2825 vulnerability on internet-facing CrushFTP instances are happening, the Shadowserver Foundation has shared on Monday, and the …

Next.js
Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)

A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web …

Veeam
Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)

Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging …

leaders
Cybersecurity needs a leader, so let’s stop debating and start deciding

Have you ever heard anyone earnestly ask in a business, “Who owns legal?” or “Who sets the financial strategy?” Probably not – it should be obvious, right? Yet, when it comes …

PostgreSQL
A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)

The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in December 2024 did so by leveraging not one, but two zero-days, …

ransomware
Ransomware payments plummet as more victims refuse to pay

Chainalysis’ latest report on how the ransomware landscape changed from 2023 to 2024 shows a promising trend: An increasing number of victims refuses to pay the ransom. …

SonicWall
5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)

5,000+ SonicWall firewalls are still vulnerable to attack via a high-severity vulnerability (CVE-2024-53704) that, according to SonicWall, should be considered “at …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools