Critical Alert 1 Active Exploit Detected Today

CVE-2026-28318 — SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability →

Powered by CVE Watchtower

×

zero-day

Google Patches Actively Exploited Chrome Zero-Day Flaw (CVE-2025-13223) in Emergency Update Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Google Patches Actively Exploited Chrome Zero-Day Flaw (CVE-2025-13223) in Emergency Update

Do Son November 17, 2025

Google has issued an urgent, out-of-band security update for the Chrome Stable channel, addressing two separate Type...

Amazon Exposes Advanced APT Exploiting Cisco ISE (RCE) and Citrix Bleed Two as Simultaneous Zero-Days Cisco ISE Zero-Day, Citrix Bleed Two

Cisco ISE Zero-Day, Citrix Bleed Two

Amazon Exposes Advanced APT Exploiting Cisco ISE (RCE) and Citrix Bleed Two as Simultaneous Zero-Days

Do Son November 14, 2025

The Amazon Threat Intelligence team has uncovered a highly sophisticated threat campaign exploiting multiple zero-day vulnerabilities in...

November Patch Tuesday: Microsoft Fixes 68 Flaws, Including Kernel Zero-Day Under Active Exploitation Windows Kernel Zero-Day, Patch Tuesday CVE-2022-34713 Patch Tuesday, Zero-day

Windows Kernel Zero-Day, Patch Tuesday CVE-2022-34713 Patch Tuesday, Zero-day

November Patch Tuesday: Microsoft Fixes 68 Flaws, Including Kernel Zero-Day Under Active Exploitation

Do Son November 12, 2025

Microsoft has released its November 2025 Patch Tuesday, addressing a total of 68 vulnerabilities, including a high-priority...

Critical Synology BeeStation Zero-Day (CVE-2025-12686) Found at Pwn2Own Allows Remote Code Execution Synology Chat Server vulnerabilities Synology security update Synology DSM Update NAS Security Vulnerability Synology VPN Update SSL VPN Vulnerability Synology Telnet Flaw DSM Security Update Synology DSM Telnet vulnerability BeeStation Zero-Day, Pwn2Own RCE CVE-2024-11131 & CVE-2024-10442 CVE-2025-2848 Synology, NAS

Synology Chat Server vulnerabilities Synology security update Synology DSM Update NAS Security Vulnerability Synology VPN Update SSL VPN Vulnerability Synology Telnet Flaw DSM Security Update Synology DSM Telnet vulnerability BeeStation Zero-Day, Pwn2Own RCE CVE-2024-11131 & CVE-2024-10442 CVE-2025-2848 Synology, NAS

Critical Synology BeeStation Zero-Day (CVE-2025-12686) Found at Pwn2Own Allows Remote Code Execution

Do Son November 11, 2025

Synology has released an urgent security update for its BeeStation OS, patching a zero-day vulnerability (CVE-2025-12686) that...

Critical Triofox Zero-Day (CVE-2025-12480) Under Active Exploit: Host Header Bypass Allows Unauthenticated Admin Takeover Triofox Zero-Day, Host Header Bypass

Triofox Zero-Day, Host Header Bypass

Critical Triofox Zero-Day (CVE-2025-12480) Under Active Exploit: Host Header Bypass Allows Unauthenticated Admin Takeover

Do Son November 11, 2025

Researchers at Mandiant Threat Defense, part of Google Cloud Security Operations, have revealed that a critical unauthenticated...

Critical Warning: QNAP Patches Seven Zero-Days Exploited at Pwn2Own 2025 QNAP Zero-Day, Pwn2Own Exploit CVE-2024-21899 - QNAP QTS vulnerability

QNAP Zero-Day, Pwn2Own Exploit CVE-2024-21899 - QNAP QTS vulnerability

Critical Warning: QNAP Patches Seven Zero-Days Exploited at Pwn2Own 2025

Do Son November 8, 2025

QNAP has issued an urgent security advisory and released patches for seven zero-day vulnerabilities that were successfully...

Chinese APT BRONZE BUTLER Exploits LANSCOPE Zero-Day for SYSTEM Control BRONZE BUTLER, Zero-Day

BRONZE BUTLER, Zero-Day

Chinese APT BRONZE BUTLER Exploits LANSCOPE Zero-Day for SYSTEM Control

Do Son October 31, 2025

A sophisticated campaign executed by the Chinese state-sponsored threat group BRONZE BUTLER (also known as Tick) has...

Brash Attack: Critical Chromium Flaw Allows DoS via Simple Code Injection Chrome 14-day update cycle Chromium JPEG-XL Image Format Debate Chromium DoS, document.title Browser Muting, iframe Media Supporters of Chromium-based Browsers

Chrome 14-day update cycle Chromium JPEG-XL Image Format Debate Chromium DoS, document.title Browser Muting, iframe Media Supporters of Chromium-based Browsers

Brash Attack: Critical Chromium Flaw Allows DoS via Simple Code Injection

Do Son October 31, 2025

Google’s Chromium, developed by Google, forms the foundation of many modern browsers — yet researchers have uncovered...

Spy vs. Spy: Mercenary Spyware Targets the Developers Who Build It Mercenary spyware, developer target Serbian Spyware

Mercenary spyware, developer target Serbian Spyware

Spy vs. Spy: Mercenary Spyware Targets the Developers Who Build It

Do Son October 22, 2025

Developer Jay Gibson recently contacted TechCrunch to recount his experience of being targeted by a state-sponsored spyware...

CISA Emergency Alert: Critical Adobe AEM Flaw (CVE-2025-54253, CVSS 10.0) Under Active Exploitation CVE-2021-1435 Adobe AEM RCE, CVE-2025-54253

CVE-2021-1435 Adobe AEM RCE, CVE-2025-54253

CISA Emergency Alert: Critical Adobe AEM Flaw (CVE-2025-54253, CVSS 10.0) Under Active Exploitation

Do Son October 16, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Adobe Experience Manager (AEM) vulnerability to...

October Patch Tuesday: Microsoft Fixes 6 Zero-Days, Including 4 Actively Exploited Flaws, as Windows 10 Reaches End-of-Life Patch Tuesday Zero-Days, Windows 10 Final Update

Patch Tuesday Zero-Days, Windows 10 Final Update

October Patch Tuesday: Microsoft Fixes 6 Zero-Days, Including 4 Actively Exploited Flaws, as Windows 10 Reaches End-of-Life

Do Son October 15, 2025

Microsoft’s October 2025 Patch Tuesday has arrived with one of the largest security updates of the year—193...

Microsoft Patches Edge IE Mode After Hackers Exploited Chakra Zero-Day for Device Takeover Microsoft Edge cleartext credentials memory dump Microsoft Edge auto-startup Microsoft Edge Collections sunset, export Edge Collections CSV Edge IE Mode Zero-Day, Chakra Exploit Windows Search, Microsoft Edge AI video translation, Edge browser Microsoft Editor, Edge Edge Developer tools Windows 10 ESU, Microsoft Edge Microsoft Edge, FCP Optimization CVE-2023-36735 Edge, AI Search

Microsoft Edge cleartext credentials memory dump Microsoft Edge auto-startup Microsoft Edge Collections sunset, export Edge Collections CSV Edge IE Mode Zero-Day, Chakra Exploit Windows Search, Microsoft Edge AI video translation, Edge browser Microsoft Editor, Edge Edge Developer tools Windows 10 ESU, Microsoft Edge Microsoft Edge, FCP Optimization CVE-2023-36735 Edge, AI Search

Microsoft Patches Edge IE Mode After Hackers Exploited Chakra Zero-Day for Device Takeover

Do Son October 14, 2025

After discovering that hackers were exploiting a zero-day vulnerability in the Chakra JavaScript engine used by Internet...

Exploited Zero-Day: Gladinet/Triofox Flaw CVE-2025-11371 Allows RCE via LFI PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Exploited Zero-Day: Gladinet/Triofox Flaw CVE-2025-11371 Allows RCE via LFI

Do Son October 10, 2025

Huntress has sounded the alarm over active exploitation of a newly discovered Local File Inclusion (LFI) vulnerability...

Zimbra XSS Zero-Day (CVE-2025-27915) Actively Exploited; CISA Adds to KEV Catalog State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

Zimbra XSS Zero-Day (CVE-2025-27915) Actively Exploited; CISA Adds to KEV Catalog

Do Son October 8, 2025

A cross-site scripting (XSS) vulnerability in Synacor Zimbra Collaboration Suite (ZCS) — tracked as CVE-2025-27915 — has...

Oracle EBS Zero-Day (CVE-2025-61882) Under Active RCE Exploitation by GRACEFUL SPIDER Oracle EBS Zero-Day, GRACEFUL SPIDER Cracked Software, Supply Chain Attack Black Basta - NOVA stealer

Oracle EBS Zero-Day, GRACEFUL SPIDER Cracked Software, Supply Chain Attack Black Basta - NOVA stealer

Oracle EBS Zero-Day (CVE-2025-61882) Under Active RCE Exploitation by GRACEFUL SPIDER

Do Son October 7, 2025

CrowdStrike has sounded the alarm on an ongoing mass exploitation campaign targeting Oracle E-Business Suite (EBS) applications...

Zero-Day PoC Published: Privilege Escalation Flaw in VMware Tools Used by Chinese APT

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

Zero-Day PoC Published: Privilege Escalation Flaw in VMware Tools Used by Chinese APT

Do Son September 30, 2025

A newly disclosed local privilege escalation vulnerability, CVE-2025-41244, has been exploited as a zero-day in the wild,...

PoC Exploit Details for Actively Exploited iOS Zero-Day Flaw Now Public Coruna Exploit Kit iOS Security Update Apple Zero-Day CVE-2026-20700 Apple Data Privacy Day 2026, iPhone privacy features guide iOS Privilege Escalation, CVE-2025-24085 PoC Apple Manufacturing Academy, US Investment CVE-2024-44258 - symlink vulnerability

Coruna Exploit Kit iOS Security Update Apple Zero-Day CVE-2026-20700 Apple Data Privacy Day 2026, iPhone privacy features guide iOS Privilege Escalation, CVE-2025-24085 PoC Apple Manufacturing Academy, US Investment CVE-2024-44258 - symlink vulnerability

PoC Exploit Details for Actively Exploited iOS Zero-Day Flaw Now Public

Do Son September 29, 2025

Proof-of-concept exploit code is now publicly available online for a zero-day flaw in iOS/iPadOS, macOS, tvOS, watchOS,...

CRITICAL Cisco Zero-Day (CVE-2025-20333, CVSS 9.9) Under Active Attack: VPN Flaw Allows Root RCE Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

CRITICAL Cisco Zero-Day (CVE-2025-20333, CVSS 9.9) Under Active Attack: VPN Flaw Allows Root RCE

Do Son September 26, 2025

Cisco has disclosed a zero-day vulnerability affecting its Secure Firewall Adaptive Security Appliance (ASA) Software and Secure...

Cisco Zero-Day CVE-2025-20362 Under Attack: VPN Flaw in ASA/FTD Exposes Restricted Resources Cisco VPN Zero-Day, ASA Vulnerability Ivanti Vulnerabilities Wing FTP Server, RCE Exploit CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor

Cisco VPN Zero-Day, ASA Vulnerability Ivanti Vulnerabilities Wing FTP Server, RCE Exploit CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor

Cisco Zero-Day CVE-2025-20362 Under Attack: VPN Flaw in ASA/FTD Exposes Restricted Resources

Do Son September 26, 2025

Cisco has released software updates addressing a zero-day vulnerability in the VPN web server of its Secure...

Two WordPress Core Vulnerabilities Disclosed Without Patch: Sensitive Data Exposure and Stored XSS WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

Two WordPress Core Vulnerabilities Disclosed Without Patch: Sensitive Data Exposure and Stored XSS

Do Son September 25, 2025

Two vulnerabilities were found in WordPress Core, affecting all versions up to and including 6.8.2. Both flaws...