Please turn on your JavaScript for this page to function normally.
High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218)

A recently patched directory traversal vulnerability (CVE-2025-6218) in WinRAR could be leveraged by remote attackers to execute arbitrary code on affected installations. The …

Netscaler
Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777)

Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway reminiscent of the infamous and widely exploited CitrixBleed flaw. The …

Linux
Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019)

Qualys researchers have unearthed two local privilege escalation vulnerabilities (CVE-2025-6018, CVE-2025-6019) that can be exploited in tandem to achieve root access on most …

mobile spyware
iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200)

A zero-click attack leveraging a freshly disclosed Messages vulnerability (CVE-2025-43200) has infected the iPhones of two European journalists with Paragon’s Graphite …

Mirai
Unpatched Wazuh servers targeted by Mirai botnets (CVE-2025-24016)

Two Mirai botnets are exploiting a critical remote code execution vulnerability (CVE-2025-24016) in the open-source Wazuh XDR/SIEM platform, Akamai researchers have warned. …

roundcube
Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113)

With an exploit for a critical Roundcube vulnerability (CVE-2025-49113) being offered for sale on underground forums and a PoC exploit having been made public, attacks …

SimpleHelp
Attackers hit MSP, use its RMM software to deliver ransomware to clients

A threat actor wielding the DragonForce ransomware has compromised an unnamed managed service provider (MSP) and pushed the malware onto its client organizations via …

NASA
Vulnerabilities found in NASA’s open source software

Vulnerabilities in open source software developed and used in-house by NASA could be exploited to breach their systems, claims Leon Juranić, security researcher and founder of …

Windows Server
Unpatched Windows Server vulnerability allows full domain compromise

A privilege escalation vulnerability in Windows Server 2025 can be used by attackers to compromise any user in Active Directory (AD), including Domain Admins. “The …

WordPress
Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322)

A critical vulnerability (CVE-2025-4322) in Motors, a WordPress theme popular with car/motor dealerships and rental services, can be easily exploited by unauthenticated …

Google Chrome
CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)

A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known …

Samsung MagicINFO
Samsung patches MagicINFO 9 Server vulnerability exploited by attackers

Companies running Samsung MagicINFO, a platform for managing content on Samsung commercial digital displays, should upgrade to the latest available version of its v9 branch to …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools