Vulnerabilities Archives

3 Min Read

October 8, 2025

Actively Exploited: Critical Flaw CVE-2025-5947 (CVSS 9.8) Allows Unauthenticated Admin Takeover in WordPress Plugin

researchers at Wordfence have issued an urgent warning about an actively exploited authentication bypass in the Service Finder Bookings plugin…

2 Min Read

October 8, 2025

CISA Adds Zimbra XSS Flaw to KEV After Active Exploitation

On October 6, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-27915—an actively exploited vulnerability…

6 Min Read

October 7, 2025

ShinyHunters Wage Broad Corporate Extortion Spree

A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has…

5 Min Read

October 7, 2025

CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)

CrowdStrike is tracking a mass exploitation campaign almost certainly leveraging a novel zero-day vulnerability — now tracked as…

2 Min Read

October 7, 2025

Redishell: The Critical 13-Year-Old Redis Vulnerability Need to be Patched

In early October 2025, a devastating remote code execution (RCE) vulnerability in Redis—known as Redishell (CVE-2025-49844)—shook…

2 Min Read

October 7, 2025

Critical Flaw Exposes 60,000 Redis Servers to Remote Exploitation

A critical security flaw in Redis, a popular in-memory database platform used by about 75% of cloud environments, has left an estimated 60,000…

3 Min Read

October 7, 2025

Clop raid on Oracle E-Business Suite started months ago, researchers warn

Security boffins say the Clop cybercriminal gang has been rummaging through Oracle's E-Business Suite (EBS) for months – and now the…

2 Min Read

October 7, 2025

Redis patches critical “RediShell” RCE vulnerability, update ASAP! (CVE-2025-49844)

Redis, the company behind the widely used in-memory data structure store of the same name, has released patches for a critical vulnerability…

2 Min Read

October 7, 2025

CrowdStrike Warns of New Mass Exploitation Campaign Leveraging Oracle E-Business Suite 0-Day

A widespread campaign observed exploiting a novel zero-day vulnerability in Oracle E-Business Suite (EBS) applications, now tracked as…

3 Min Read

October 7, 2025

Researchers Uncover 13-Year-Old Redis Flaw Impacting Nearly 330,000 Instances

Researchers have uncovered a 13-year-old critical remote-code-execution flaw in Redis that let attackers escape the product’s Lua…

2 Min Read

October 7, 2025

Cisco ASA/FTD 0-Day Vulnerability Exploited for Authentication Bypass – PoC Released

Cisco has released advisories for a zero-day exploit chain affecting its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall…

2 Min Read

October 7, 2025

Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882)

Resecurity and watchTowr researchers have analyzed the leaked scripts used by attackers to exploit CVE-2025-61882 on internet-facing Oracle…

2 Min Read

October 7, 2025

Attackers Deployed Medusa Ransomware via GoAnywhere MFT Zero-Day

Cybercriminals exploited a critical deserialization flaw in Fortra’s GoAnywhere Managed File Transfer (MFT) tool—tracked as…

2 Min Read

October 7, 2025

GoAnywhere 0-Day RCE Vulnerability Exploited in the Wild to Deploy Medusa Ransomware

A critical deserialization flaw in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035, has already been weaponized by the…

2 Min Read

October 7, 2025

NCSC: Patch Critical Oracle EBS Bug Now

Oracle E-Business Suite (EBS) customers have been urged to patch a critical vulnerability in the product, after reports that the…

2 Min Read

October 7, 2025

Kibana Crowdstrike Connector Vulnerability Exposes Protected Credentials

Elastic has released a security advisory detailing a medium-severity vulnerability in the Kibana CrowdStrike Connector that could allow for…

2 Min Read

October 7, 2025

Microsoft: Critical GoAnywhere Bug Exploited in Medusa Ransomware Campaign

A vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) tool with a CVSS score of 10.0 is being actively exploited in…

8 Min Read

October 5, 2025

Week in review: Many Cisco ASA firewalls still unsecure, hackers claim Red Hat’s GitLab breach

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Keeping the internet afloat: How…

2 Min Read

October 5, 2025

Unity Real-Time Development Platform Vulnerability Let Attackers Execute Arbitrary Code

Unity Technologies has issued a critical security advisory warning developers about a high-severity vulnerability affecting its widely used…

5 Min Read

October 5, 2025

Addressing the CL0P Extortion Campaign Targeting Oracle E-Business Suite (EBS) Users

Cybereason is continuing to investigate. Check the Cybereason blog for additional updates. Overview and What Cybereason Knows So Far…

3 Min Read

October 4, 2025

500X Surge in Scanning Targets Palo Alto and Cisco ASA

Enterprise security teams are on high alert after an extraordinary 500% spike in mass scanning activity was detected against Palo Alto…

3 Min Read

October 4, 2025

Breaking Point: Storage & Backup Systems

Surging Cyber Threats: Actively Exploited Vulnerabilities in Storage and Backup Systems Enterprise storage and backup systems have become a…

3 Min Read

October 4, 2025

New Study Warns Several Free iOS and Android VPN Apps Leak Data

Millions who rely on free mobile Virtual Private Network (VPN) apps for online privacy may actually be putting their data at greater risk,…

2 Min Read

October 4, 2025

Clop Ransomware Targets Oracle E-Business Suite: Extortion Wave Hits Global Enterprises

A new wave of extortion attacks linked to the Clop ransomware group has recently shaken organizations using Oracle E-Business Suite (EBS),…

2 Min Read

October 3, 2025

Global Exposure of 180,000 ICS/OT Devices Raises Safety Concerns

The cybersecurity firm Bitsight has issued a major warning about a rapid increase in critical systems left vulnerable on the public internet.…

2 Min Read

October 3, 2025

Chinese-Speaking Cybercrime Group Hijacks IIS Servers for SEO Fraud

A Chinese-speaking cybercrime group is hijacking trusted Internet Information Services (IIS) worldwide to run SEO scams that redirect users to…

4 Min Read

October 3, 2025

The Good, the Bad and the Ugly in Cybersecurity – Week 40

The Good | UK Convicts “Bitcoin Queen” in World’s Largest Cryptocurrency Seizure This week, a court in the UK convicted…

2 Min Read

October 3, 2025

Hackers Attempting to Exploit Grafana Vulnerability that Enables Arbitrary File Reads

Grafana, the popular open-source analytics and visualization platform, has once again become the target of a large‐scale, coordinated…

2 Min Read

October 3, 2025

DrayOS Routers Vulnerability Let Attackers Execute Malicious Code Remotely

A critical vulnerability has been discovered in DrayTek’s DrayOS routers, which could allow unauthenticated remote attackers to execute…

2 Min Read

October 3, 2025

Critical Splunk Vulnerabilities Expose Platforms to Remote JavaScript Injection and More

Splunk has disclosed six critical security vulnerabilities impacting multiple versions of both Splunk Enterprise and Splunk Cloud Platform.…

2 Min Read

October 3, 2025

Hackers Target Unpatched Flaws in Oracle E-Business Suite

Oracle has advised customers that hackers may be exploiting vulnerabilities in unpatched instances of its E-Business Suite (EBS). This follows…

1 Min Read

October 3, 2025

CISA KEV Catalog Update October 2025 – Part I

CISA recently updated its Known Exploited Vulnerabilities (KEV) catalog with critical vulnerabilities across GNU Bash, Juniper, Samsung,…

2 Min Read

October 3, 2025

Red Hat Confirms Data Breach After Hackers Claim to Steal 570GB of Private GitHub Repositories

Red Hat, the world’s leading enterprise open-source software provider, has officially confirmed a significant security incident…

2 Min Read

October 3, 2025

Google Announces $4 Billion Arkansas Investment for New AI Data Center and 600 MW Solar Project

Google has announced plans to invest up to $4 billion in Arkansas by 2027, channeling resources into infrastructure, energy transition, and…

2 Min Read

October 3, 2025

Actively Exploited: Critical Flaw CVE-2025-6388 (CVSS 9.8) Allows Authentication Bypass in WordPress Plugin

A newly disclosed in the Spirit Framework plugin for WordPress has put thousands of websites at immediate risk of compromise. Tracked as…

2 Min Read

October 3, 2025

Yoast SEO Premium Flaw: Stored XSS Bug (CVE-2025-11241) Exposes Millions of WordPress Sites

A new has been disclosed in the widely used Yoast SEO Premium plugin for WordPress, potentially exposing millions of websites to cross-site…

2 Min Read

October 3, 2025

GreyNoise Detects Coordinated Surge Exploiting Grafana Path Traversal Flaw (CVE-2021-43798)

Recently, GreyNoise observed a sudden and highly coordinated wave of exploitation attempts targeting CVE-2021-43798, a Grafana path traversal…

2 Min Read

October 3, 2025

Researcher Details Zero-Day Linux/Android Kernel Flaw (CVE-2025-38352)

researcher StreyPaws has published an in-depth analysis of CVE-2025-38352, a Time-of-Check to Time-of-Use (TOCTOU) race condition in the…

2 Min Read

October 2, 2025

Chrome Security Update – Patch for 21 Vulnerabilities that Allows Attackers to Crash Browser

Google has released Chrome 141 to address 21 security vulnerabilities, including critical flaws that could allow attackers to crash browsers…

3 Min Read

October 2, 2025

Multiple Splunk Enterprise Vulnerabilities Let Attackers Execute Unauthorized JavaScript code

Splunk has released patches for multiple vulnerabilities in its Enterprise and Cloud Platform products, some of which could allow attackers to…

2 Min Read

October 2, 2025

Critical Flaw in Termix Docker Image (CVE-2025-59951) Leaks SSH Credentials Without Authentication

The Termix project has disclosed a critical authentication bypass in its official Docker image, exposing sensitive SSH configuration data…

2 Min Read

October 2, 2025

Chrome 141 Stable Channel Update Patches High-Severity Vulnerabilities (CVE-2025-11205 & CVE-2025-11206)

The Chrome team has announced the promotion of Chrome 141 to the Stable Channel for Windows, Mac, and Linux. The release—version…