Microsoft links Storm-1175 to GoAnywhere flaw CVE-2025-10035, exploited since September for Medusa ransomware.
Microsoft patched CVE-2025-55241 July 17, 2025; CVSS 10.0 Entra ID bug via legacy Graph enabled cross-tenant impersonation risking tenant compromise.
Over 84,000 instances of the Roundcube webmail software are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) vulnerability with a publicly available exploit.
A zero-day vulnerability in the Linux kernel was discovered, utilizing OpenAI's o3 model. This finding, designated as CVE-2025-37899, marks a significant advancement in AI-assisted vulnerability research.
: EUVD comes into play not a moment too soon
Cisco fixes CVE-2025-20188, a 10.0 CVSS flaw tied to hardcoded JWT in wireless controllers, preventing root-level remote exploits.
Windows flaw CVE-2025-24054 actively exploited since March 19 to leak NTLM hashes via phishing attacks.
Fortinet patches CVE-2024-48887, a 9.3 CVSS FortiSwitch flaw, urging quick upgrades to avoid attacks.
Google fixed Chrome zero-day CVE-2025-2783 on Mar 20 after attacks exploited a sandbox bypass flaw.
Learn about CVE-2025-29927, a critical vulnerability in Next.js that impacts authorization checks in middleware.
Tarlogic presents research revealing undocumented commands in the ESP32 microchip, present in millions of smart devices with Bluetooth