Vulnerability News

A surge of ransomware attacks leveraging critical VMware virtualization vulnerabilities has triggered global alerts. Threat actors exploit flaws in ESXi, Workstation, and Fusion products to paralyze enterprise infrastructures. The vulnerabilities CVE-2025-22224 (CVSS 9.3), CVE-2025-22225 (CVSS...

OpenAI's ChatGPT API has been found to have a significant crawler vulnerability that enables attackers to launch Distributed Denial of Service (DDoS) attacks on arbitrary websites.  This vulnerability is a significant concern for both web...

A recent surge in exploitation activity has been observed targeting two critical vulnerabilities, CVE-2022-47945 in ThinkPHP and CVE-2023-49103 in ownCloud. These attacks highlight the persistent threat posed by unpatched systems and the challenges organizations face...

Cisco disclosed a critical security vulnerability affecting Cisco Meraki MX and Z Series devices, which presents significant risks to enterprise networks.  The vulnerability tracked as CVE-2025-20212 and associated with allows authenticated remote attackers to trigger...

The Open Web Application Security Project (OWASP) has released its much-anticipated Smart Contract Top 10 for 2025, a comprehensive awareness document aimed at equipping Web3 developers and security teams with the knowledge to combat...

Cybersecurity researchers at EXPMON have uncovered an intriguing "zero-day behavior" in PDF samples that could potentially be exploited by attackers to leak sensitive NTLM authentication data. The discovery highlights vulnerabilities in how Adobe Reader...

Security researchers have confirmed that a critical remote code execution (RCE) vulnerability in Apache Tomcat, tracked as CVE-2025-24813, is being actively exploited in the wild. The vulnerability, which enables attackers to take control of servers...

Fortinet has issued an urgent warning about actively exploiting an already patched authentication bypass zero-day vulnerability (CVE-2025-24472) affecting its FortiOS and FortiProxy products. This critical flaw allows remote attackers to gain super-admin privileges by sending...

A newly disclosed critical vulnerability, identified as CVE-2024-49124, has been classified as a Remote Code Execution (RCE) flaw with a severity rating of Critical by Microsoft. This vulnerability explicitly impacts systems utilizing the Lightweight...

Broadcom disclosed a critical vulnerability affecting its Avi Load Balancer product. The vulnerability, identified as CVE-2025-22217, is an unauthenticated blind SQL injection vulnerability that could allow attackers with network access to execute specially crafted...