cybersecurity

Firefox Launches One-Click Rollback for Add-ons Firefox built-in VPN Firefox VPN data limit, Firefox VPN countries, Mozilla VPN subscription Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Firefox built-in VPN Firefox VPN data limit, Firefox VPN countries, Mozilla VPN subscription Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Firefox Launches One-Click Rollback for Add-ons

Do Son September 24, 2025

The Mozilla Foundation has recently announced the launch of a rollback/restore feature for Firefox Add-ons, enabling developers...

9.8 CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk Hit by Critical RCE Vulnerability CVE-2024-28991 & CVE-2024-28990 SolarWinds RCE vulnerability CVE-2025-26399

CVE-2024-28991 & CVE-2024-28990 SolarWinds RCE vulnerability CVE-2025-26399

9.8 CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk Hit by Critical RCE Vulnerability

Do Son September 23, 2025

SolarWinds has released a hotfix for its Web Help Desk (WHD) software after the discovery of a...

Operation Rewrite: How a Malicious IIS Module Is Hijacking Websites Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Operation Rewrite: How a Malicious IIS Module Is Hijacking Websites

Do Son September 23, 2025

Researchers at Unit 42 uncovered a large-scale search engine optimization (SEO) poisoning campaign, tracked as CL-UNK-1037 and...

New Malware Found in npm Package “fezbox” Uses QR Codes to Steal Credentials GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

New Malware Found in npm Package “fezbox” Uses QR Codes to Steal Credentials

Do Son September 23, 2025

The Socket Threat Research Team has uncovered a new malware campaign hiding inside an npm package called...

CVE-2025-9125: Cross-Site Scripting Flaw in Lectora Courses Puts E-Learning Platforms at Risk Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

CVE-2025-9125: Cross-Site Scripting Flaw in Lectora Courses Puts E-Learning Platforms at Risk

Do Son September 23, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of a cross-site scripting (XSS) flaw...

6.1 CVE-2025-59689: Libraesva ESG Command Injection Flaw Exploited in the Wild

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

6.1 CVE-2025-59689: Libraesva ESG Command Injection Flaw Exploited in the Wild

Do Son September 23, 2025

Libraesva has released an urgent security advisory addressing a command injection vulnerability (CVE-2025-59689) in its Email Security...

Beyond Trust: A New Campaign Is Using a Legitimate Tool to Deliver RATs ConnectWise ScreenConnect, RMM tool abuse

ConnectWise ScreenConnect, RMM tool abuse

Beyond Trust: A New Campaign Is Using a Legitimate Tool to Deliver RATs

Do Son September 23, 2025

A new report from Hunt Intelligence reveals how attackers are abusing ConnectWise ScreenConnect (formerly ConnectWise Control) to...

EDR-Freeze: How a Researcher Turned Windows Error Reporting Into a Weapon Against Antivirus EDR evasion, Windows Defender

EDR evasion, Windows Defender

EDR-Freeze: How a Researcher Turned Windows Error Reporting Into a Weapon Against Antivirus

Do Son September 22, 2025

A new study from a ZeroSalarium security researcher sheds light on a new technique to bypass endpoint...

LastPass Warns of New SEO Poisoning Attack Targeting Mac Users LastPass, macOS infostealer

LastPass, macOS infostealer

LastPass Warns of New SEO Poisoning Attack Targeting Mac Users

Do Son September 22, 2025

The LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team has issued a warning about an ongoing infostealer...

10.0 PoC Released for CVE-2025-41243 – A Spring Cloud Gateway Flaw with CVSS 10.0

10.0 PoC Released for CVE-2025-41243 – A Spring Cloud Gateway Flaw with CVSS 10.0

Do Son September 22, 2025

Security researcher Ezzer17 published a clear, methodical write-up that walks through the root cause, the partial fixes,...

10.0 CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide Microsoft Entra ID vulnerability CVE-2025-55241

Microsoft Entra ID vulnerability CVE-2025-55241

10.0 CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide

Do Son September 22, 2025

In one of the most significant discoveries of 2025, security researcher Dirk-jan Mollema revealed a vulnerability in...

BiDi Swap: A Decade-Old Unicode Flaw Still Enables URL Spoofing BiDi Swap, phishing attacks Cybersecurity Threats

BiDi Swap, phishing attacks Cybersecurity Threats

BiDi Swap: A Decade-Old Unicode Flaw Still Enables URL Spoofing

Do Son September 22, 2025

The Varonis Threat Labs team has published an eye-opening report about a persistent vulnerability in how modern...

PyPI Under Attack: New Malware ‘SilentSync’ Is Stealing Credentials SonicWall Reconnaissance Akira Ransomware residential proxy malware TraderTraitor BreachForums Honeypot, French Interior Ministry Leak

SonicWall Reconnaissance Akira Ransomware residential proxy malware TraderTraitor BreachForums Honeypot, French Interior Ministry Leak

PyPI Under Attack: New Malware ‘SilentSync’ Is Stealing Credentials

Do Son September 22, 2025

Zscaler ThreatLabz has uncovered yet another supply chain attack against the Python Package Index (PyPI). In August...

The Database Was the Door: A Ransomware Attack Began with an Exposed Oracle Serve Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

The Database Was the Door: A Ransomware Attack Began with an Exposed Oracle Serve

Do Son September 22, 2025

Yarix’s Incident Response Team (YIR) has published an in-depth analysis of a targeted intrusion that leveraged an...

Critical CISA Warns of Critical Vulnerabilities in Dover Fueling Solutions’ ProGauge MagLink LX WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

Critical CISA Warns of Critical Vulnerabilities in Dover Fueling Solutions’ ProGauge MagLink LX

Do Son September 20, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about multiple critical vulnerabilities in ProGauge...

Warning: Popular Apps Leaking Your Private Data Mobile app security, data privacy

Mobile app security, data privacy

Warning: Popular Apps Leaking Your Private Data

Do Son September 20, 2025

Researchers at Jamf Threat Labs have uncovered two mobile applications leaking sensitive user data, including credentials and...

8.8 Nokia Patches Critical Flaws in CloudBand and NCS: CVE-2023-49564 and CVE-2023-49565 Nokia vulnerability CVE-2023-49564, CVE-2023-49565

Nokia vulnerability CVE-2023-49564, CVE-2023-49565

8.8 Nokia Patches Critical Flaws in CloudBand and NCS: CVE-2023-49564 and CVE-2023-49565

Do Son September 19, 2025

Nokia has published a security advisory warning customers of two high-severity vulnerabilities affecting its CloudBand Infrastructure Software...

9.8 CVE-2025-59340: Critical HubSpot’s Jinjava Engine Flaw Exposes Thousands of Websites to RCE Jinjava Vulnerability CVE-2026-25526 CVE-2025-59340 HubSpot RCE

Jinjava Vulnerability CVE-2026-25526 CVE-2025-59340 HubSpot RCE

9.8 CVE-2025-59340: Critical HubSpot’s Jinjava Engine Flaw Exposes Thousands of Websites to RCE

Do Son September 19, 2025

HubSpot has issued a security advisory regarding a critical flaw in its Jinjava template engine, which powers...

CISA Warns of Malicious Listener Malware Exploiting Ivanti Endpoint Manager Mobile Cisco VPN Zero-Day, ASA Vulnerability Ivanti Vulnerabilities Wing FTP Server, RCE Exploit CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor

Cisco VPN Zero-Day, ASA Vulnerability Ivanti Vulnerabilities Wing FTP Server, RCE Exploit CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor

CISA Warns of Malicious Listener Malware Exploiting Ivanti Endpoint Manager Mobile

Do Son September 19, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has published a new Malware Analysis Report (MAR) detailing how...

10 CVE-2025-10035 (CVSS 10): Critical Deserialization Flaw in GoAnywhere MFT Exposes Enterprises to Remote Exploitation

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

10 CVE-2025-10035 (CVSS 10): Critical Deserialization Flaw in GoAnywhere MFT Exposes Enterprises to Remote Exploitation

Do Son September 19, 2025

A newly disclosed vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) platform has been assigned CVE-2025-10035, carrying...

🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

CVE-2026-20230CVSS 8.6
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified...
CVE-2026-4020CVSS 7.5
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and...
CVE-2026-10735
Multiple plugins by ShapedPlugin contain a backdoor in various versions. This makes it possible for unauthenticated attackers to...
CVE-2026-20262CVSS 6.5
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated,...
CVE-2026-54420CVSS 8.5
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a...
CVE-2026-53435CVSS 8.8
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize...
CVE-2026-10795CVSS 8.1
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions...
CVE-2026-11645
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker...
CVE-2026-50751CVSS 9.3
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows...
CVE-2026-20245CVSS 7.8
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local...