Apple patches decade-old iOS zero-day, possibly exploited by commercial spyware | Flaw abused 'in an extremely sophisticated attack against specific targeted individuals' | Cyber-crime | 12 Feb 2026
Were telcos tipped off to *that* ancient Telnet bug? Cyber pros say the signs stack up | Curious port filtering and traffic patterns suggest advisories weren’t the earliest warning signals sent | Security | 11 Feb 2026
Notepad's new Markdown powers served with a side of remote code execution | Smug faces across all those who opposed the WordPad-ification of Microsoft's humble text editor | Security | 11 Feb 2026
More than 135,000 OpenClaw instances exposed to internet in latest vibe-coded disaster | By default, the bot listens on all network interfaces, and many users never change it | Security | 09 Feb 2026
CISA updated ransomware intel on 59 bugs last year without telling defenders | GreyNoise's Glenn Thorpe counts the cost of missed opportunities | CSO | 03 Feb 2026
January blues return as Ivanti coughs up exploited EPMM zero-days | Consider yourselves compromised, experts warn | Security | 30 Jan 2026
Fortinet unearths another critical bug as SSO accounts borked post-patch | More work for admins on the cards as they await a full dump of fixes | Security | 28 Jan 2026
Old Windows quirks help punch through new admin defenses | Google researcher sits on UAC bypass for ages, only for it to become valid with new security feature | Security | 28 Jan 2026
Fortinet admits FortiGate SSO bug still exploitable despite December patch | Fix didn't quite do the job – attackers spotted logging in | CSO | 23 Jan 2026
Ancient telnet bug happily hands out root to attackers | Critical vuln flew under the radar for a decade | Patches | 22 Jan 2026
RondoDox botnet linked to large-scale exploit of critical HPE OneView bug | Check Point observes 40K+ attack attempts in 4 hours, with government organizations under fire | Cyber-crime | 16 Jan 2026
China-linked cybercrims abused VMware ESXi zero-days a year before disclosure | Huntress analysis suggests VM escape bugs were already weaponized in the wild | Virtualization | 09 Jan 2026
CISA flags actively exploited Office relic alongside fresh HPE flaw | Max-severity OneView hole joins a PowerPoint bug that should've been retired years ago | Cyber-crime | 08 Jan 2026
Maximum-severity n8n flaw lets randos run your automation server | Unauthenticated RCE means anyone on the network can seize full control | Patches | 08 Jan 2026
Trump admin sends heart emoji to commercial spyware makers with lifted Predator sanctions (Infosec in brief) | Also, Korean Air hacked, EmEditor installer hijacked, a perfect 10 router RCE vuln, and more | Security | 04 Jan 2026
Brit lands invite-only Aussie visa after uncovering vuln in government systems | Jacob Riggs is set to swap London for Sydney some time in the next year | Security | 02 Jan 2026
An early end to the holidays: 'Heartbleed of MongoDB' is now under active exploit | You didn't think you'd get to enjoy your time off without a major cybersecurity incident, did you? | Patches | 30 Dec 2025
Google sends Dark Web Report to its dead services graveyard (Infosec in brief) | PLUS: Texas sues alleged TV spies; The Cloud is full of holes; Hospital leaked its own data; And more | Security | 21 Dec 2025
Another bad week for SonicWall as SMA 1000 zero-day under active exploit | Flaw in remote-access appliance lets attackers chain bugs for root-level takeover | Cyber-crime | 18 Dec 2025
Honeypots can help defenders, or damn them if implemented badly (Infosec in brief) | PLUS: Crims could burn your AI budgets thanks to weak defaults; CISA's top 25 vulns for 2025; And more | Security | 14 Dec 2025
Half of exposed React servers remain unpatched amid active exploitation | Wiz says React2Shell attacks accelerating, ranging from cryptominers to state-linked crews | Cyber-crime | 12 Dec 2025
Microsoft won't fix .NET RCE bug affecting slew of enterprise apps, researchers say (Updated) | Devs and users should know better, Microsoft tells watchTowr | Security | 10 Dec 2025
Microsoft quietly shuts down Windows shortcut flaw after years of espionage abuse | Silent Patch Tuesday mitigation ends ability to hide malicious commands in .lnk files | Patches | 04 Dec 2025
CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse | Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix | CSO | 24 Nov 2025
AMD red-faced over random-number bug that kills cryptographic security | Local privileges required to exploit flaw in Ryzen and Epyc CPUs. Some patches available, more on the way | Security | 05 Nov 2025
Invasion of the message body snatchers! Teams flaw allowed crims to impersonate the boss | Check Point lifts lid on a quartet of Teams vulns that made it possible to fake the boss, forge messages, and quietly rewrite history | Security | 04 Nov 2025
Docker Compose vulnerability opens door to host-level writes – patch pronto | Windows Desktop installer also fixed after DLL hijack flaw rated 8.8 severity | Patches | 30 Oct 2025
Researchers exploit OpenAI's Atlas by disguising prompts as URLs | NeuralTrust shows how agentic browser can interpret bogus links as trusted user commands | Research | 27 Oct 2025
Ex-CISA head thinks AI might fix code so fast we won't need security teams | Jen Easterly says most breaches stem from bad software, and smarter tech could finally clean it up | Cyber-crime | 27 Oct 2025
Microsoft drops surprise Windows Server patch before weekend downtime | You didn't have plans, did you? | Patches | 24 Oct 2025
Forking confusing: Vulnerable Rust crate exposes uv Python packager | Forks of forks of forks, but which ones are patched? | Patches | 22 Oct 2025
MCP attack abuses predictable session IDs to hijack AI agents (Updated) | The vuln affects the Oat++ MCP implementation | Cybersecurity Month | 21 Oct 2025
Feds flag active exploitation of patched Windows SMB vuln | CISA adds high-severity flaw to KEV list, urges swift updating | Cyber-crime | 21 Oct 2025
Microsoft kills 9.9-rated ASP.NET Core bug – 'our highest ever' score | Flaw in Kestrel web server allowed request smuggling, impact depends on hosting setup and application code | Security | 16 Oct 2025
Zero-day in file-sharing software leads to RCE, and attacks are ongoing | Usually we’d say patch up… not this time | Cybersecurity Month | 10 Oct 2025
Hacking contest kerfuffle over copied rules pits Wiz against ZDI | 'Seems like you should at least run that through ChatGPT to reword it' | Cybersecurity Month | 05 Oct 2025
‘An attacker's playground:’ Crims exploit GoAnywhere perfect-10 bug | Researchers say tens of thousands of instances remain publicly reachable | Patches | 26 Sep 2025
UK and US security agencies order urgent fixes as Cisco firewall bugs exploited in wild | CISA gives feds 24 hours to patch, NCSC urges rapid action as flaws linked to ArcaneDoor spies | Patches | 26 Sep 2025
OnePlus leaves researchers on read over Android bug that exposes texts (Updated) | Rapid7 warns flaw could let any app peek at your SMS, but smartphone vendor won't pick up | Security | 23 Sep 2025
Ding ding: Fortra rings the perfect-10 bell over latest GoAnywhere MFT bug | Outside experts say the vulnerability has probably already been exploited | Patches | 19 Sep 2025
One token to pwn them all: Entra ID bug could have granted access to every tenant | Until Microsoft lobbed it into a virtual volcano | Security | 19 Sep 2025
Commvault releases patches for two nasty bug chains after exploits proven (Updated) | Researchers disclosing their findings said 'it's as bad as it sounds' | Patches | 20 Aug 2025
Intel ghosts researcher who found web apps spilled 270K staff records | Chipzilla quietly fixed the problems without responding to the person who found them | Personal Tech | 20 Aug 2025
Chained bugs in Nvidia's Triton Inference Server lead to full system compromise | Wiz Research details flaws in Python backend that expose AI models and enable remote code execution | Patches | 05 Aug 2025
Microsoft patches critical SharePoint 2016 zero-days amid active exploits | Admins urged to rotate machine keys, restart IIS after emergency fix | Patches | 22 Jul 2025
CVSS 10 RCE in Wing FTP exploited within 24 hours, security researchers warn | Intruders looked up how to use curl mid-attack - rookie errors kept damage minimal | Patches | 11 Jul 2025
Cl0p cybercrime gang's data exfiltration tool found vulnerable to RCE attacks | Experts say they don't expect the MOVEit menace to do much about it | Research | 02 Jul 2025
Cisco fixes two critical make-me-root bugs on Identity Services Engine components | A 10.0 and a 9.8 – these aren’t patches to dwell on | Datacenter Networking Nexus | 26 Jun 2025
Asana's cutting-edge AI feature ran into a little data leakage problem | New MCP server was shut down for nearly two weeks | Security | 18 Jun 2025
Veeam patches third critical RCE bug in Backup & Replication in space of a year | Version 13 can’t come soon enough | Patches | 18 Jun 2025
Sitecore CMS flaw let attackers brute-force 'b' for backdoor | Hardcoded passwords and path traversals keeping bug hunters in work | Patches | 17 Jun 2025
Apple fixes zero-click exploit underpinning Paragon spyware attacks | Zero-day potentially tied to around 100 suspected infections in 2025 and a spyware scandal on the continent | Security | 13 Jun 2025
Ivanti makes dedicated fans of Chinese spies who just can't resist attacking its buggy kit | If it ain't broke? | Datacenter Networking Nexus | 23 May 2025
Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms | Update before that proof-of-concept comes to bite | Patches | 20 May 2025
Ivanti patches two zero-days under active attack as intel agency warns customers | Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product | Patches | 14 May 2025
As US vuln-tracking falters, EU enters with its own security bug database | EUVD comes into play not a moment too soon | Security | 13 May 2025
Curl project founder snaps over deluge of time-sucking AI slop bug reports | Lead dev likens flood to 'effectively being DDoSed' | Security | 07 May 2025
Enterprise tech dominates zero-day exploits with no signs of slowdown | As Big Tech gets used to the pain, smaller vendors urged to up their game | Research | 29 Apr 2025
Samsung admits Galaxy devices can leak passwords through clipboard wormhole (Infosec in brief) | PLUS: Microsoft fixes messes China used to attack it; Mitre adds ESXi advice; Employee-tracking screenshots leak; and more! | Security | 28 Apr 2025
Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member | What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future | CSO | 25 Apr 2025
Emergency patch for potential SAP zero-day that could grant full system control | German software giant paywalls details, but experts piece together the clues | Patches | 25 Apr 2025
Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps | 10 other certificates 'were mis-issued and have now been revoked' | CSO | 22 Apr 2025