vulnerability
Croatian research institute confirms ransomware attack via ToolShell vulnerabilities
The Ruđer Bošković Institute (RBI), the largest Croatian science and technology research institute, has confirmed that it was the one of “at least 9,000 institutions …
Win-DDoS: Attackers can turn public domain controllers into DDoS agents
SafeBreach researchers have released details on several vulnerabilities that could be exploited by attackers to crash Windows Active Directory domain controllers (DCs), one …
WinRAR zero-day exploited by RomCom hackers in targeted attacks
ESET researchers have discovered a previously unknown vulnerability in WinRAR, exploited in the wild by Russia-aligned group RomCom. If you use WinRAR or related components …
SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls
Akira ransomware affiliates are not leveraging an unknown, zero-day vulnerability in SonicWall Gen 7 firewalls to breach corporate networks, the security vendor shared today. …
Adobe patches critical Adobe Experience Manager Forms vulnerabilities with public PoC
Adobe has released an emergency security update for Adobe Experience Manager Forms on Java Enterprise Edition (JEE), which fix two critical vulnerabilities (CVE-2025-54253, …
Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987)
Unauthenticated command injection vulnerabilities (CVE-2025-54948, CVE-2025-54987) affecting the on-premise version of Trend Micro’s Apex One endpoint security platform …
Millions of Dell laptops could be persistently backdoored in ReVault attacks
A set of firmware vulnerabilities affecting 100+ Dell laptop models widely used in government settings and by the cybersecurity industry could allow attackers to achieve …
Storm-2603 spotted deploying ransomware on exploited SharePoint servers
One of the groups that, in the past few weeks, has been exploiting vulnerabilities in on-prem SharePoint installation has been observed deploying Warlock ransomware, Microsoft …
Sonicwall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599)
Sonicwall is asking customers running specific Secure Mobile Access (SMA) 100 Series devices to patch a newly uncovered vulnerability (CVE-2025-40599) as soon as possible. …
Maximum severity Cisco ISE vulnerabilities exploited by attackers
One or more vulnerabilities affecting Cisco Identity Services Engine (ISE) are being exploited in the wild, Cisco has confirmed by updating the security advisory for the …
Microsoft pins on-prem SharePoint attacks on Chinese threat actors
This is a developing story, new update here: Storm-2603 spotted deploying ransomware on exploited SharePoint servers As Microsoft continues to update its customer guidance for …
Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309)
Unknown attackers have exploited a vulnerability (CVE-2025‑54309) in the CrushFTP enterprise file-transfer server solution to gain administrative access to vulnerable …
Featured news
Resources
Don't miss
- Smart glasses are back, privacy issues included
- Cybersecurity planning keeps moving toward whole-of-society models
- Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk
- Global Threat Map: Open-source real-time situational awareness platform
- How Secure by Design helps developers build secure software