Resources

Aisuru Botnet: New DDoS Attack Record Set at 29.7 Tbps

Mitchell Langley December 5, 2025

Over the past three months, the formidable Aisuru botnet has executed more than 1,300 DDoS attacks, one of which reached a staggering peak of 29.7 ...

CVE Vulnerability Alerts

Critical Elementor Addons Flaw CVE-2025-8489 Actively Exploited on WordPress Sites

Mitchell Langley December 5, 2025

A severe flaw in the WordPress plugin, King Addons for Elementor, is being actively exploited. This CVE-2025-8489 vulnerability allows privilege escalation, giving attackers administrative access. ...

CVE Vulnerability Alerts

React Server Components’ Security Flaw Risks Unauthenticated Remote Code Execution

Andrew Doyle December 5, 2025

React Server Components are impacted by a critical vulnerability, CVE-2025-55182, offering a CVSS score of 10.0 for unauthenticated remote code execution.

CVE Vulnerability Alerts

CISA Updates KEV Catalog to Include OpenPLC ScadaBR Vulnerability

Andrew Doyle December 1, 2025

CISA updates its Known Exploited Vulnerabilities (KEV) catalog with CVE-2021-26829, a security flaw impacting OpenPLC ScadaBR, used in industrial control systems.

CVE Vulnerability Alerts

SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN

Andrew Doyle November 24, 2025

SonicWall warns users about a critical buffer overflow vulnerability in SonicOS SSLVPN, urging immediate updates. This could crash Gen7 and Gen8 firewalls, impacting cybersecurity.

Application Security

SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution

Andrew Doyle November 24, 2025

SolarWinds has patched three severe vulnerabilities in its Serv-U file transfer solution, which included a path restriction bypass tracked as CVE-2025-40549. These vulnerabilities permitted attackers ...

CVE Vulnerability Alerts

Grafana Vulnerability: Addressing Critical Security Flaw in SCIM Component

Andrew Doyle November 24, 2025

Grafana has disclosed a critical vulnerability in its SCIM component, rated CVSS 10.0, potentially allowing privilege escalation. Addressing this is crucial for organizations to secure ...

CVE Vulnerability Alerts

CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog

Gabby Lee November 23, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Oracle Fusion Middleware to its KEV catalog. Known as CVE-2025-61757, this vulnerability ...

Cybersecurity

Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding

Mitchell Langley November 21, 2025

Secure.com has launched its AI-powered Digital Security Teammate (DST), an autonomous agent designed to perform continuous incident detection, investigation, and escalation. Backed by $4.5M in ...

CVE Vulnerability Alerts

7-Zip Vulnerability CVE-2025-11001 Actively Exploited in the Wild

Andrew Doyle November 21, 2025

A newly disclosed 7-Zip vulnerability, CVE-2025-11001, is being actively exploited, allowing remote code execution through malicious archive files. NHS England warns organizations to urgently update ...

Weekly Newsletter

Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Resources

Aisuru Botnet: New DDoS Attack Record Set at 29.7 Tbps

Critical Elementor Addons Flaw CVE-2025-8489 Actively Exploited on WordPress Sites

React Server Components’ Security Flaw Risks Unauthenticated Remote Code Execution

CISA Updates KEV Catalog to Include OpenPLC ScadaBR Vulnerability

SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN

SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution

Grafana Vulnerability: Addressing Critical Security Flaw in SCIM Component

CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog

Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding

7-Zip Vulnerability CVE-2025-11001 Actively Exploited in the Wild

Weekly Newsletter

Bogus Traffic Violation Text Scam Targeting Americans

EvilTokens Kit Uses Device Code Phishing to Target Microsoft Accounts

Ukrainian CERT Impersonated in Phishing Campaign Distributing AGEWHEEZE

New Phishing Techniques Threaten TikTok Business Account Security

Cryptocurrency Threats via Phishing Campaign Targeting French-Speaking Corporations

LeakNet Ransomware Adopts ClickFix to Trick Users Into Compromising Themselves

Phishing Attack Hits Intuitive’s Internal IT Business Systems

Signal Cyberattack in Germany Targets Politicians Through Impersonation

Targeted Phishing Attack Breaches Security Firm Executive

Russian Campaign Targets Ukraine with BadPaw and MeowMeow Malware

Daily Briefing Newsletter