Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Oracle
Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882)

Resecurity and watchTowr researchers have analyzed the leaked scripts used by attackers to exploit CVE-2025-61882 on internet-facing Oracle ESB instances. Whether the …

Fortra GoAnywhere
Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035)

CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in zero-day attacks before the patch …

Commvault
Commvault plugs holes in backup suite that allow remote code execution

Commvault has fixed four security vulnerabilities that may allow unauthenticated attackers to compromise on-premises deployments of its flagship backup and replication suite. …

Fortinet
Fortinet warns about FortiSIEM vulnerability with in-the-wild exploit code (CVE-2025-25256)

Fortinet has released patches for a critical OS command injection vulnerability (CVE-2025-25256) in FortiSIEM, after practical exploit code surfaced in the wild. About …

Fortinet
Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257)

With two proof-of-concept (PoC) exploits made public late last week, CVE-2025-25257 – a critical SQL command injection vulnerability in Fortinet’s FortiWeb web …

Netscaler
Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777)

With PoC exploits for CVE-2025-5777 (aka CitrixBleed 2) now public and reports of active exploitation of the flaw since mid-June, you should check whether your Citrix …

SysAid
PoC exploit for SysAid pre-auth RCE released, upgrade quickly!

WatchTowr researchers have released a proof-of-concept (PoC) exploit that chains two vulnerabilities in SysAid On-Prem – the self-hosted version of the platform behind …

SonicWall
Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221)

Attackers have been using two previously known vulnerabilities (CVE-2024-38475, CVE-2023-44221) to compromise SonicWall secure mobile access devices, the vendor has confirmed …

Commvault
Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)

If your organization is using Commvault Command Center for your data protection, backup creation, configuration and restoration needs, you should check whether your on-premise …

backup
NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)

A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and …

Veeam
Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)

Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging …

Fortinet
Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591)

Fortinet has patched an authentication bypass vulnerability (CVE-2024-55591) affecting its FortiOS firewalls and FortiProxy web gateways that has been exploited as a zero-day …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools