vulnerability
Actively exploited FreeType flaw fixed in Android (CVE-2025-27363)
Google has released fixes for a bucketload of Android security vulnerabilities, including a FreeType flaw (CVE-2025-27363) that “may be under limited, targeted …
RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248)
A missing authentication vulnerability (CVE-2025-3248) in Langflow, a web application for building AI-driven agents, is being exploited by attackers in the wild, CISA has …
Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399)
An easily and remotely exploitable vulnerability (CVE-2024-7399) affecting Samsung MagicINFO, a platform for managing content on Samsung commercial displays, is being …
Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221)
Attackers have been using two previously known vulnerabilities (CVE-2024-38475, CVE-2023-44221) to compromise SonicWall secure mobile access devices, the vendor has confirmed …
Airplay-enabled devices open to attack via “AirBorne” vulnerabilities
Vulnerabilities in Apple’s AirPlay Protocol, AirPlay Software Development Kits (SDKs), and the CarPlay Communication Plug-in could allow attackers to compromise …
Most critical vulnerabilities aren’t worth your attention
Web applications face a wide range of risks, including known-exploitable vulnerabilities, supply chain attacks, and insecure identity configurations in CI/CD, according to the …
Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)
Researchers have uncovered three serious vulnerabilities in Rack, a server interface used by most Ruby web app frameworks (Ruby on Rails, Sinatra, Hanami, Roda, and others). …
Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)
If your organization is using Commvault Command Center for your data protection, backup creation, configuration and restoration needs, you should check whether your on-premise …
PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)
There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All …
Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)
CVE-2021-20035, an old vulnerability affecting Sonicwall Secure Mobile Access (SMA) 100 series appliances, is being exploited by attackers. Sonicwall confirmed it by updating …
Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)
CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting …
Critical flaws fixed in Nagios Log Server
The Nagios Security Team has fixed three critical vulnerabilities affecting popular enterprise log management and analysis platform Nagios Log Server. About the flaws The …
Featured news
Resources
Don't miss
- Smart glasses are back, privacy issues included
- Cybersecurity planning keeps moving toward whole-of-society models
- Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk
- Global Threat Map: Open-source real-time situational awareness platform
- How Secure by Design helps developers build secure software