Chinese state-backed hackers are exploiting a critical Microsoft SharePoint flaw, CVE-2025-53770 “ToolShell,” enabling unauthenticated remote code execution and data theft.
CISA warns that a critical Lanscope Endpoint Manager flaw (CVE-2025-61932) is being exploited in the wild, prompting urgent patching and
CISA has added 15 actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog for October 2025, covering flaws in
Cl0p ransomware is actively exploiting a zero-day in Oracle E-Business Suite (CVE-2025-61882), allowing unauthenticated remote code execution via the BI
A critical flaw in WatchGuard Fireware OS (CVE-2025-9242) allows remote, unauthenticated code execution through vulnerable VPN configurations and is already
CISA warns of actively exploited Git vulnerability CVE-2025-48384 that enables arbitrary code execution via crafted submodules; federal patch deadline set
Citrix patches critical NetScaler RCE CVE-2025-7775 exploited in zero-day attacks; admins must upgrade affected NetScaler ADC and Gateway builds immediately.
CISA has added 47 new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025, including flaws in SharePoint, Google
Microsoft has patched CVE-2025-53783, a heap-based buffer overflow in Teams that enables remote code execution across desktop, mobile, and hardware
A newly discovered zero-day in WinRAR, CVE-2025-8088, is being exploited by RomCom hackers to plant executables in Windows Startup folders
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.