Critical vulnerabilities in Veeam Backup & Replication could allow authenticated users to execute code on backup servers, prompting calls for urgent patching.
APT28 exploited CVE-2026-21513, an MSHTML zero-day (CVSS 8.8), using malicious LNK files to bypass security controls and execute code.
Une nouvelle vulnérabilité (CVE-2026-26012) a été corrigée dans Vaultwarden : elle permet de récupérer les mots de passe chiffrés d'autres collections.
TP-Link fixed a critical flaw that exposed over 32 VIGI C and VIGI InSight camera models to remote hacking.
Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security Information and Event Management (SIEM) solution that could be leveraged by a remote, unauthenticated attacker to execute commands or code.
Scammers exploited a PayPal subscriptions feature to send legitimate emails from service@paypal.com, using fake purchase notifications to push tech support scams.
Learn how the JFrog Security research team discovered and disclosed CVE-2025-11953 which poses a threat to developers using the popular React Native CLI.
CISA says threat actors are now actively exploiting a high-severity Windows SMB privilege escalation vulnerability that can let them gain SYSTEM privileges on unpatched systems.
Welcome to Day One of Pwn2Own Ireland 2025! We have 17 attempts today with some exciting research on display. We’ll be posting results here as we have them, and follow us on Twitter , Mastodon , and Bluesky .
Microsoft links Storm-1175 to GoAnywhere flaw CVE-2025-10035, exploited since September for Medusa ransomware.