A critical vulnerability, identified as CVE-2025-65998, has been discovered in Apache Syncope, a widely-used open-source identity management system, potentially exposing sensitive…
A China-nexus threat actor has been conducting a sophisticated, multi-year espionage campaign using a custom malware downloader, compromising regional infrastructure…
The discovery of CVE-2025-41115 exposes a critical security weakness in the Grafana Enterprise SCIM (System for Cross-domain Identity Management) component,…
SolarWinds has issued an urgent security update for its Serv-U file transfer software, patching three critical remote code execution (RCE)…
A security vulnerability in the widely used 7-Zip file archiver has recently come under active exploitation. The flaw, identified as CVE-2025-11001,…
Heads up, Chrome users! An actively exploited zero-day vulnerability, CVE-2025-13223, has been identified in Google Chrome's V8 JavaScript and WebAssembly engine.…
Operation WrtHug refers to a widespread compromise of end-of-life (EoL) ASUS routers, where attackers exploit previously disclosed vulnerabilities to gain control…
Fortinet has recently addressed two actively exploited zero-days in its FortiWeb web application firewall (WAF). These flaws, a command injection…
Zero-day vulnerabilities sit at the center of many high-profile cyberattacks. Security teams race to defend their environments, while attackers exploit…
A critical authentication bypass vulnerability in Fortinet's FortiWeb web application firewalls (WAF), identified as CVE-2025-64446 with a CVSS score of…