CVE Vulnerability Alerts

SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN

November 24, 2025

SonicWall warns users about a critical buffer overflow vulnerability in SonicOS SSLVPN, urging immediate updates. This could crash Gen7 and

SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution

November 24, 2025

SolarWinds has patched three severe vulnerabilities in its Serv-U file transfer solution, which included a path restriction bypass tracked as

Grafana Vulnerability: Addressing Critical Security Flaw in SCIM Component

November 24, 2025

Grafana has disclosed a critical vulnerability in its SCIM component, rated CVSS 10.0, potentially allowing privilege escalation. Addressing this is

CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog

November 23, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Oracle Fusion Middleware to its KEV catalog.

7-Zip Vulnerability CVE-2025-11001 Actively Exploited in the Wild

November 21, 2025

A newly disclosed 7-Zip vulnerability, CVE-2025-11001, is being actively exploited, allowing remote code execution through malicious archive files. NHS England

CISA Flags Critical Fortinet FortiWeb Path Traversal Flaw as Actively Exploited

November 17, 2025

CISA has confirmed active exploitation of CVE-2024-40446, a critical path traversal flaw in Fortinet FortiWeb 8.0.0 that allows unauthenticated attackers

RondoDox Botnet Exploits Critical Eval Injection Flaw in XWiki

November 17, 2025

RondoDox botnet operators are exploiting CVE-2025-24893, a critical 9.8-rated eval injection flaw in XWiki that enables unauthenticated remote code execution.

ASUS Patches Critical Authentication Bypass Vulnerability in DSL Series Routers

November 16, 2025

ASUS released urgent firmware updates to fix a critical authentication bypass flaw in multiple DSL routers, warning users to patch

Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day

November 12, 2025

Microsoft’s November 2025 Patch Tuesday fixes over 60 vulnerabilities, including an actively exploited Windows Kernel zero-day (CVE-2025-30080) enabling privilege escalation.

Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch

November 11, 2025

Google’s Mandiant confirmed active exploitation of CVE-2025-12480, a critical authentication bypass flaw in Gladinet’s Triofox platform. The vulnerability allows unauthorized

SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN

SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution

Grafana Vulnerability: Addressing Critical Security Flaw in SCIM Component

CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog

7-Zip Vulnerability CVE-2025-11001 Actively Exploited in the Wild

CISA Flags Critical Fortinet FortiWeb Path Traversal Flaw as Actively Exploited

RondoDox Botnet Exploits Critical Eval Injection Flaw in XWiki

ASUS Patches Critical Authentication Bypass Vulnerability in DSL Series Routers

Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day

Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch

SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN

SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution

Grafana Vulnerability: Addressing Critical Security Flaw in SCIM Component

CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog

7-Zip Vulnerability CVE-2025-11001 Actively Exploited in the Wild

CISA Flags Critical Fortinet FortiWeb Path Traversal Flaw as Actively Exploited

RondoDox Botnet Exploits Critical Eval Injection Flaw in XWiki

ASUS Patches Critical Authentication Bypass Vulnerability in DSL Series Routers

Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day

Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch

Sneaky 2FA PhaaS Platform Adds Browser-in-the-Browser Attacks to Bypass MFA

Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals

Fraudsters Spoof U.S. Insurers in Health Scam Targeting Chinese Speakers

Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign

LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives

Route Redirect Automates Large-Scale Microsoft 365 Phishing

Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials

Rhysida Ransomware Gang Exploits Bing Ads to Spread Malware

Cybercriminals Target Shipping Sector With RMM-Based Cargo Theft Attacks

How Device Code Phishing Abuses OAuth Flows on Google and Azure

Daily Briefing Newsletter