Main Menu

CVE Vulnerability Alerts

Major Security Flaw Found in vm2 Node.js Sandbox Tool
CVE Vulnerability Alerts
Major Security Flaw Found in vm2 Node.js Sandbox Tool
January 28, 2026
A serious vulnerability in the vm2 Node.js sandbox library, identified as CVE-2026-22709, could jeopardize system security by enabling the execution of arbitrary code outside the ...
CISA Identifies Critical Broadcom VMware vCenter Vulnerability CVE-2024-37079
CVE Vulnerability Alerts
CISA Identifies Critical Broadcom VMware vCenter Vulnerability CVE-2024-37079
January 28, 2026
CISA has added a significant vulnerability, CVE-2024-37079, found in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities catalog. This move emphasizes the critical nature ...
CVE Vulnerability Alert! CVE-2025-14765 & CVE-2025-14766 – Microsoft Edge Remote Code Execution
CVE Vulnerability Alerts
CVE-2025-14765 & CVE-2025-14766 – Microsoft Edge Remote Code Execution
January 22, 2026
CVE-2025-64671 enables remote code execution in GitHub Copilot for JetBrains through cross prompt injection, allowing attackers to manipulate AI-generated instructions within developer environments.
Zoom's Critical Security Update Resolves Severe Vulnerability
CVE Vulnerability Alerts
Zoom’s Critical Security Update Resolves Severe Vulnerability
January 22, 2026
Zoom released a critical security update addressing CVE-2026-22844, a severe vulnerability that could facilitate remote code execution. With a CVSS score of 9.9, this flaw ...
Critical Vulnerability in Modular DS WordPress Plugin Exploited
Application Security
Critical Vulnerability in Modular DS WordPress Plugin Exploited
January 18, 2026
A serious security flaw in the Modular DS WordPress plugin has been identified and exploited, permitting unauthenticated privilege escalation. This vulnerability, CVE-2026-23550, has a maximum ...
Adobe's Latest Security Patches Address Critical Vulnerabilities in ColdFusion
Application Security
Adobe’s Latest Security Patches Address Critical Vulnerabilities in ColdFusion
January 14, 2026
Adobe recently released updates to resolve 25 vulnerabilities across its software products. A critical bug in ColdFusion, linked to Apache Tika, is among the flaws ...
CISA Directs Agencies to Secure Systems After Exploitation of Zero-Day Gogs Vulnerability
Application Security
CISA Directs Agencies to Secure Systems After Exploitation of Zero-Day Gogs Vulnerability
January 13, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) mandates government agencies to immediately secure systems against a high-severity Gogs vulnerability, CVE-2025-8110, exploited in the wild. Organizations ...
RondoDox Botnet Utilizes React2Shell Vulnerability to Infiltrate Servers
CVE Vulnerability Alerts
RondoDox Botnet Utilizes React2Shell Vulnerability to Infiltrate Servers
January 5, 2026
RondoDox is exploiting the React2Shell flaw in Next.js to gain remote code execution, deploy malware, and install cryptominers. The campaign highlights how unpatched web frameworks ...
IBM Discloses Critical Security Vulnerability in API Connect
CVE Vulnerability Alerts
IBM Discloses Critical Security Vulnerability in API Connect
January 5, 2026
IBM has identified a critical vulnerability in its API Connect software, CVE-2025-13915, which allows attackers to bypass authentication and gain remote access. With a CVSS ...
Critical Vulnerability in SmarterTools SmarterMail Poses Severe Cybersecurity Risk
Application Security
Critical Vulnerability in SmarterTools SmarterMail Poses Severe Cybersecurity Risk
December 31, 2025
The Cyber Security Agency of Singapore warns of a dangerous remote code execution vulnerability in SmarterTools SmarterMail, CVE-2025-52691, with a CVSS score of 10.0.
Load More
Trending
Signal Cyberattack in Germany Targets Politicians Through Impersonation
Targeted Phishing Attack Breaches Security Firm Executive
Russian Campaign Targets Ukraine with BadPaw and MeowMeow Malware
Underground Sale of Compromised cPanel Credentials Fuels Phishing Infrastructure
Phishing Warnings as LastPass Users Get Targeted by Fake Alerts
Law Enforcement Dismantles Tycoon2FA Phishing-as-a-Service Platform
Phishing Attack Masquerades as Google Security Page to Steal Sensitive Information
Optimizely Suffers a Data Breach Through a Voice Phishing Attack
Cybercriminals Exploit OAuth 2.0 Device Authorization Flow in Vishing Campaigns
Germany Warns of Phishing Threats via Signal Targeting High-Profile Individuals

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.