Critical flaws in ConnectWise Automate allow agents to communicate over unencrypted HTTP and accept unsigned updates, opening the door to
Microsoft has released an emergency patch for CVE-2025-55315, a critical ASP.NET Core vulnerability in the Kestrel web server with a
Villager, an AI-driven penetration testing tool released on PyPI, has surged past 11,000 downloads by automating network scanning, exploitation, and
Cl0p ransomware is actively exploiting a zero-day in Oracle E-Business Suite (CVE-2025-61882), allowing unauthenticated remote code execution via the BI
Microsoft has revoked over 200 compromised digital certificates to disrupt a ransomware campaign abusing fake Microsoft Teams installers. Threat actor
A critical flaw in WatchGuard Fireware OS (CVE-2025-9242) allows remote, unauthenticated code execution through vulnerable VPN configurations and is already
Attackers have compromised over 100 SonicWall VPN accounts by exploiting stolen credentials, unpatched vulnerabilities, and OTP seed theft to bypass
Cybersecurity researchers have uncovered a stealthy malware campaign abusing Node.js’s Single Executable Application feature to package Stealit malware as fake
A sophisticated Linux rootkit dubbed LinkPro uses eBPF modules and magic TCP packets to stay hidden and activate on demand.
Two critical vulnerabilities in Wondershare RepairIt (CVE-2025-10643 and CVE-2025-10644) allow unauthenticated remote code execution through misconfigured storage tokens. With CVSS
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.