Please turn on your JavaScript for this page to function normally.
SimpleHelp
Attackers hit MSP, use its RMM software to deliver ransomware to clients

A threat actor wielding the DragonForce ransomware has compromised an unnamed managed service provider (MSP) and pushed the malware onto its client organizations via …

NASA
Vulnerabilities found in NASA’s open source software

Vulnerabilities in open source software developed and used in-house by NASA could be exploited to breach their systems, claims Leon Juranić, security researcher and founder of …

Windows Server
Unpatched Windows Server vulnerability allows full domain compromise

A privilege escalation vulnerability in Windows Server 2025 can be used by attackers to compromise any user in Active Directory (AD), including Domain Admins. “The …

WordPress
Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322)

A critical vulnerability (CVE-2025-4322) in Motors, a WordPress theme popular with car/motor dealerships and rental services, can be easily exploited by unauthenticated …

Google Chrome
CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)

A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known …

Samsung MagicINFO
Samsung patches MagicINFO 9 Server vulnerability exploited by attackers

Companies running Samsung MagicINFO, a platform for managing content on Samsung commercial digital displays, should upgrade to the latest available version of its v9 branch to …

Ivanti
Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428)

Attackers have exploited vulnerabilities in open-source libraries to compromise on-prem Ivanti Endpoint Manager Mobile (EPMM) instances of a “very limited” number …

SonicWall
Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819)

SonicWall has fixed multiple vulnerabilities affecting its SMA100 Series devices, one of which (CVE-2025-32819) appears to be a patch bypass for an arbitrary file delete …

SysAid
PoC exploit for SysAid pre-auth RCE released, upgrade quickly!

WatchTowr researchers have released a proof-of-concept (PoC) exploit that chains two vulnerabilities in SysAid On-Prem – the self-hosted version of the platform behind …

Android
Actively exploited FreeType flaw fixed in Android (CVE-2025-27363)

Google has released fixes for a bucketload of Android security vulnerabilities, including a FreeType flaw (CVE-2025-27363) that “may be under limited, targeted …

Langflow
RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248)

A missing authentication vulnerability (CVE-2025-3248) in Langflow, a web application for building AI-driven agents, is being exploited by attackers in the wild, CISA has …

Samsung MagicINFO
Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399)

An easily and remotely exploitable vulnerability (CVE-2024-7399) affecting Samsung MagicINFO, a platform for managing content on Samsung commercial displays, is being …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools