Main Menu

CVE Vulnerability Alerts

Atlassian Publishes Security Patches for Critical Vulnerabilities in Multiple Products
CVE Vulnerability Alerts
Atlassian Publishes Security Patches for Critical Vulnerabilities in Multiple Products
December 16, 2025
Atlassian has released security updates targeting multiple vulnerabilities, including critical-severity issues in products like Apache Tika. One major flaw is an XML External Entity (XXE) ...
FreePBX Critical Vulnerability Enables Potential Authentication Bypass
CVE Vulnerability Alerts
FreePBX Critical Vulnerability Enables Potential Authentication Bypass
December 16, 2025
FreePBX, an open-source private branch exchange (PBX) platform, has multiple security vulnerabilities. A critical flaw (CVE-2025-61675) allows authentication bypass under certain configurations.
Apple Patches Critical Vulnerabilities Across Multiple Platforms
CVE Vulnerability Alerts
Apple Patches Critical Vulnerabilities Across Multiple Platforms
December 15, 2025
Apple releases crucial security patches for iOS, iPadOS, macOS, watchOS, and more, targeting two actively exploited vulnerabilities. Among these is CVE-2025-43529, a significant use-after-free flaw ...
CISA Alerts on Exploited Vulnerability in Sierra Wireless AirLink ALEOS Routers
CVE Vulnerability Alerts
CISA Alerts on Exploited Vulnerability in Sierra Wireless AirLink ALEOS Routers
December 15, 2025
The U.S. Cybersecurity and Infrastructure Security Agency has added a flaw in Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities catalog. This follows ...
Ivanti Urges Immediate Patch for Endpoint Manager Vulnerability
CVE Vulnerability Alerts
Ivanti Urges Immediate Patch for Endpoint Manager Vulnerability
December 11, 2025
Ivanti has issued an urgent patch for a critical vulnerability, CVE-2023-35082, in its Endpoint Manager solution. This flaw enables attackers to remotely execute code, highlighting ...
Mirai-based Broadside Botnet Exploits TBK Vision DVRs in Maritime Sector
CVE Vulnerability Alerts
Mirai-based Broadside Botnet Exploits TBK Vision DVRs in Maritime Sector
December 11, 2025
The Broadside botnet, a Mirai variant, exploits CVE-2024-3721 vulnerabilities in TBK Vision DVRs, posing a threat to maritime logistics.
Critical RSC Vulnerability Added to CISA's KEV Catalog Due to Active Exploitation
CVE Vulnerability Alerts
Critical RSC Vulnerability Added to CISA’s KEV Catalog Due to Active Exploitation
December 9, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a serious flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog. ...
React2Shell Vulnerability Exposes Over 77,000 IPs Worldwide
CVE Vulnerability Alerts
React2Shell Vulnerability Exposes Over 77,000 IPs Worldwide
December 8, 2025
Over 77,000 Internet-exposed IP addresses are endangered by the critical React2Shell vulnerability, CVE-2025-55182. Attackers have already compromised over 30 organizations, spanning diverse industry sectors. This ...
Apache Tika Vulnerability CVE-2025-66516 Exposes Systems to Critical Risks
CVE Vulnerability Alerts
Apache Tika Vulnerability CVE-2025-66516 Exposes Systems to Critical Risks
December 8, 2025
Apache Tika users face critical risks due to a severe vulnerability allowing XML external entity (XXE) attacks. With a CVSS score of 10.0, the flaw ...
Critical Elementor Addons Flaw CVE-2025-8489 Actively Exploited on WordPress Sites
CVE Vulnerability Alerts
Critical Elementor Addons Flaw CVE-2025-8489 Actively Exploited on WordPress Sites
December 5, 2025
A severe flaw in the WordPress plugin, King Addons for Elementor, is being actively exploited. This CVE-2025-8489 vulnerability allows privilege escalation, giving attackers administrative access. ...
Load More
Trending
Spiderman Phishing Kit Poses New Threat to European Banks and Crypto Holders
Intense Surge in Phishing Campaigns with New Malicious Domains
Browser Notifications Hijacked for Phishing in Matrix Push C2 Scheme
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
Sneaky 2FA PhaaS Platform Adds Browser-in-the-Browser Attacks to Bypass MFA
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals
Fraudsters Spoof U.S. Insurers in Health Scam Targeting Chinese Speakers
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.