Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Windows 10
European Windows 10 users get an additional year of free security updates

Windows 10 users in the European Economic Area (EEA) will be able to receive extended security updates until October 14, 2026, without having to pay for them or to back up …

Cisco
Cisco fixes IOS/IOS XE zero-day exploited by attackers (CVE-2025-20352)

Cisco has fixed 14 vulnerabilities in IOS and IOS XE software, among them CVE-2025-20352, a high-severity vulnerability that has been exploited in zero-day attacks. About …

email
Libraesva ESG zero-day vulnerability exploited by attackers (CVE-2025-59689)

Suspected state-sponsored attackers have exploited a zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway (ESG), the Italian email security company …

SonicWall
SonicWall adds rootkit removal capabilities to the SMA 100 series

SonicWall has released new firmware for its Secure Mobile Access (SMA) 100 series appliances, adding file-checking capabilities that help users remove known rootkit malware. …

Fortra GoAnywhere
Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035)

If you’re running Fortra’s GoAnywhere managed file transfer solution and you haven’t updated to the latest available version for a while, do so now or risk getting …

Patch Tuesday
Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday

On September 2025 Patch Tuesday, Microsoft has released patches for 80+ vulnerabilities in its various software products, but the good news is that none of them are actively …

Plex Media Server
Plex tells users to change passwords due to data breach, pushes server owners to upgrade

Media streaming company Plex has suffered a data breach and is urging users to reset their account password and enable two-factor authentication. “An unauthorized third …

Android
Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352)

Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” …

Apple
macOS vulnerability allowed Keychain and iOS app decryption without a password

Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability (CVE-2025-24204) that allowed attackers to read the memory of any process, even with System Integrity …

Plex Media Server
300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158

Over 300,000 internet-facing Plex Media Server instances are still vulnerable to attack via CVE-2025-34158, a critical vulnerability for which Plex has issued a fix earlier …

Fortinet
Fortinet warns about FortiSIEM vulnerability with in-the-wild exploit code (CVE-2025-25256)

Fortinet has released patches for a critical OS command injection vulnerability (CVE-2025-25256) in FortiSIEM, after practical exploit code surfaced in the wild. About …

Adobe
Adobe patches critical Adobe Experience Manager Forms vulnerabilities with public PoC

Adobe has released an emergency security update for Adobe Experience Manager Forms on Java Enterprise Edition (JEE), which fix two critical vulnerabilities (CVE-2025-54253, …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools