Exploit

Researchers at Akamai have unveiled a new technique that could potentially put millions of Windows domains at risk. This technique exploits the Dynamic Host Configuration Protocol (DHCP) administrators group to escalate privileges within Active...

A critical vulnerability in the popular file archiving tool 7-Zip (CVE-2025-0411) has been actively exploited in the wild, primarily targeting Ukrainian organizations, added to CISA's known exploited vulnerability database. This flaw allows attackers to bypass...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to federal agencies regarding active exploitation of a critical Microsoft Outlook vulnerability, tracked as CVE-2024-21413. This remote code execution (RCE) flaw,...

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical OS command injection vulnerability (CVE-2024-12686) found in BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) tools to its Known Exploited Vulnerabilities (KEV)...

A proof-of-concept (PoC) exploit for the critical Apache Struts vulnerability, CVE-2024-53677, has been publicly released, raising alarm across the cybersecurity community. This vulnerability, which scores a 9.5 on the CVSS scale, allows attackers to execute...

A proof-of-concept exploit was released for a critical vulnerability impacting macOS systems, identified as CVE-2024-54498. Security researcher @wh1te4ever recently revealed a proof-of-concept (PoC) exploit showcasing how the flaw allows malicious applications to escape the...

Over 379 Ivanti Connect Secure (ICS) devices were found to be backdoored following the exploitation of a critical zero-day vulnerability, CVE-2025-0282.  The backdoors installed by attackers allow persistent access to the compromised systems, enabling data...