Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500)
A critical RCE vulnerability (CVE-2025-14500) in IceWarp, an EU-made business communication and collaboration platform, may be exploited by attackers to gain unauthorized …
Bug in widely used VoIP phones allows stealthy network footholds, call interception (CVE-2026-2329)
A critical security vulnerability (CVE-2026-2329) in Grandstream VoIP phones could let hackers remotely take full control of the devices and even intercept calls, Rapid7 …
Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)
For the third time in two weeks, CISA added a vulnerability (CVE-2026-24423) affecting SmarterTools’ SmarterMail email and collaboration server to its Known Exploited …
SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP!
SolarWinds has fixed six critical and high-severity vulnerabilities in its popular Web Help Desk (WHD) support ticketing and asset management solution, and is urging customers …
Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)
Microsoft has released an out-of-band security update that “comprehensively” addresses CVE-2025-59287, a remote code execution vulnerability in the Windows Server …
Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371)
CVE-2025-11371, an unauthenticated Local File Inclusion vulnerability in Gladinet CentreStack and Triofox file-sharing and remote access platforms, is being exploited by …
From theory to training: Lessons in making NICE usable
SMBs may not have big budgets, but they are on the receiving end of many cyberattacks. A new study from Cleveland State University looked at how these companies could train …
Attackers compromised ALL SonicWall firewall configuration backup files
The attackers who brute-forced their way into SonicWall’s firewall cloud backup service accessed configuration backup files of all customers who have used the service, …
Western Digital My Cloud NAS devices vulnerable to unauthenticated RCE (CVE-2025-30247)
Western Digital has fixed a critical remote code execution vulnerability (CVE-2025-30247) in the firmware powering its My Cloud network-attached storage (NAS) devices, and has …
Akira ransomware: From SonicWall VPN login to encryption in under four hours
Four hours or less: that’s how long it takes for Akira affiliates to break into organizations and deploy the ransomware on their systems, Arctic Wolf researchers have …
Cisco fixes IOS/IOS XE zero-day exploited by attackers (CVE-2025-20352)
Cisco has fixed 14 vulnerabilities in IOS and IOS XE software, among them CVE-2025-20352, a high-severity vulnerability that has been exploited in zero-day attacks. About …
Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035)
If you’re running Fortra’s GoAnywhere managed file transfer solution and you haven’t updated to the latest available version for a while, do so now or risk getting …