
Vulnerability News

CISA Warns of Multiple Apple 0-day Vulnerabilities Actively Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding multiple Apple 0-day vulnerabilities currently being actively exploited in targeted attacks. These critical security flaws affect a wide range of Apple...

17,000+ Fortinet Devices Compromised in Massive Hack via Symbolic Link Exploit

17,000+ Fortinet devices worldwide have been compromised in a sophisticated cyberattack that leverages a symbolic link persistence technique, according to new findings from Shadowserver. The number of affected devices has climbed from an initial...

PoC Exploit Released for Erlang/OTP SSH Remote Code Execution Vulnerability

A critical remote code execution vulnerability in Erlang/OTP's SSH implementation has security teams scrambling to patch affected systems after researchers confirmed the development of a proof-of-concept exploit. The vulnerability, tracked as CVE-2025-32433 and assigned...

Cisco Webex Vulnerability Allows Code Execution via Weaponized Meeting Links

A critical vulnerability in the Cisco Webex App could allow attackers to execute malicious code on target systems through specially crafted meeting invitation links. The high-severity flaw, tracked as CVE-2025-20236, has prompted Cisco to release...

New Windows Task Scheduler Vulnerabilities Allow Command Execution as Admin User

Critical Windows Task Scheduler vulnerabilities involving the schtasks.exe binary could enable malicious actors to execute commands with SYSTEM-level privileges, bypassing User Account Control (UAC) prompts and erasing audit logs. These flaws significantly elevate the threat landscape...

Hackers Exploiting Windows NTLM Spoofing Vulnerability in Wild to Compromise Systems

Cybercriminals have been actively exploiting a critical vulnerability in Windows systems, identified as CVE-2025-24054, which leverages NTLM hash disclosure through spoofing techniques. This vulnerability, related to NTLM (New Technology LAN Manager) authentication protocols, has...

Dell Alienware Command Center Vulnerability Lets Attackers Escalate Privileges

Dell Technologies has released a critical security update to address a significant vulnerability in its Alienware Command Center software that could allow attackers to gain elevated privileges on affected systems. The security advisory details an...

100,000+ Installed WordPress Plugin Critical Vulnerability Exploited Within 4 Hours of Disclosure

A severe vulnerability in the popular WordPress plugin SureTriggers has been actively exploited within just four hours of its public disclosure on April 10, 2025. The critical authentication bypass flaw affects all versions of the...

Apache Roller Vulnerability Lets Attackers Gain Unauthorized Access

A critical security vulnerability in Apache Roller has been discovered, allowing attackers to maintain unauthorized access to blog systems even after password changes. The vulnerability, CVE-2025-24859, has received the highest possible CVSS v4 score of...

Google Groups File Attachment Restrictions Bypassed via Email Posting

A significant security vulnerability has been identified in Google Groups, allowing users to circumvent file attachment restrictions by simply sending emails to group addresses. This broken access control issue potentially impacts thousands of organizations that...