CISA: Microsoft SharePoint RCE flaw now actively exploited
CISA warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability patched in May. [.
20 articles
CISA warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability patched in May. [.
A PoC exploit has been available since public disclosure, and the first exploitation attempts were observed last week. The post Cisco Confirms In-the-Wild Ex...
JetBrains has released patches for several critical vulnerabilities in JetBrains Hub that could allow for full authentication bypass, account takeover, and u...
Adobe fixed multiple critical flaws, including max severity bugs in ColdFusion and Campaign Classic that could lead to remote code execution Adobe has releas...
Apple’s Hide My Email privacy feature currently faces a significant flaw that may expose users’ real email addresses, compromising one of iCloud+’s core anon...
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in...
A coordinated supply-chain campaign has been weaponizing GitHub proof-of-concept (PoC) repositories to compromise vulnerability researchers and penetration t...
Open-source maintainers are receiving more vulnerability reports than they can act on, and a rising share now comes from an AI system working at machine spee...
The updates address critical flaws in WebKit, the rendering engine for Safari and other applications on Apple devices.
Europol coordinated the operation, dubbed Ratatouille, which dismantled XSS.is, a forum with over 50,000 members.
The GuardFall vulnerability stems from a fundamental mismatch between how security filters inspect commands and how the Bash shell interprets and executes them.
The operating system command injection flaw, with a CVSS score of 9.6, enables unauthenticated attackers to execute arbitrary commands on the LoadMaster appl...
Modern phishing, business email compromise, and account takeover attacks increasingly exploit trusted identities and legitimate business workflows, making th...
A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. This vulnerabil...
Adobe has released patches for multiple maximum-severity security flaws impacting Adobe ColdFusion and Adobe Campaign Classic. The ColdFusion updates "resolv...
ToddyCat, an advanced persistent threat group long associated with targeted espionage against corporate environments, has evolved its toolkit to exploit OAut...
Researchers found a shell injection flaw in 10 of 11 popular open-source AI agents, allowing attackers to bypass command filters.
Fluentd, a widely used open-source data collector for unified logging, has reported several high-impact vulnerabilities that could enable attackers to achiev...
A sophisticated new botnet family dubbed RustDuck emerged in early 2026, leveraging a two-stage Loader and Core architecture to compromise IoT devices, route...
Attackers can exploit LLM domain hallucinations through phantom squatting to target supply chains. Read the analysis to learn more.