RondoDox botnet operators are exploiting CVE-2025-24893, a critical 9.8-rated eval injection flaw in XWiki that enables unauthenticated remote code execution.
New research reveals that popular AI inference engines—including Meta’s TorchServe, Nvidia’s Triton, vLLM, and Microsoft’s ONNX Runtime—contain critical ZeroMQ and
Researchers say Fortinet quietly patched a FortiWeb zero-day that was already being exploited, offering little transparency or guidance. The silent
Clop exploited an unpatched Oracle E-Business Suite flaw to steal corporate data from Logitech, prompting the company to confirm exposure
Akira ransomware now targets Nutanix AHV virtual machines, encrypting .qcow2 files, exploiting SonicWall vulnerabilities, and rapidly exfiltrating data across Linux-based
Windows 11 now supports third-party passkey managers like 1Password and Bitwarden, allowing users to authenticate with FIDO-compliant passkeys beyond Microsoft’s
Microsoft has issued KB5068781, the first Extended Security Update (ESU) for Windows 10 post–end of support. The paid update delivers
Researchers uncovered a flaw in Gladinet’s Triofox platform that lets attackers exploit its antivirus scanning logic to execute code with
Adobe’s patch cycle fixes 29 security flaws across Creative Cloud apps, including Photoshop, Illustrator, and InDesign. Several critical vulnerabilities allowed
SAP’s November 2025 patch cycle fixed 19 flaws, including a critical RCE vulnerability (CVE-2025-42890) in SQL Anywhere Monitor caused by
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.