Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular…
⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats
Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others…
ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories
It's getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they're…
React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by…
Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw
Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under…
React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server…
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to…
How to Streamline Zero Trust Using the Shared Signals Framework
Zero Trust helps organizations shrink their attack surface and respond to threats faster, but many still struggle to implement it because…
Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server…
ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories
Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and…
⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More
This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS…
NHS Warns of PoC Exploit for 7-Zip Symbolic Link–Based RCE Vulnerability
Update: The NHS England Digital, in an updated advisory on November 20, 2025, said it has not observed in-the-wild exploitation of…
Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts
Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in Fortinet Fortiweb Web Application Firewall…
⚡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More
Cyber threats didn't slow down last week—and attackers are getting smarter. We're seeing malware hidden in virtual machines,…
Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic
Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with…
ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising
The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact…
Microsoft Issues Emergency Patch for Actively Exploited Critical WSUS Vulnerability
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability…
Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw
E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe…
Architectures, Risks, and Adoption: How to Assess and Choose the Right AI-SOC Platform
Scaling the SOC with AI - Why now? Security Operations Centers (SOCs) are under unprecedented pressure. According to SACR's AI-SOC Market…
ThreatsDay Bulletin: $15B Crypto Bust, Satellite Spying, Billion-Dollar Smishing, Android RATs & More
The online world is changing fast. Every week, new scams, hacks, and tricks show how easy it's become to turn everyday technology into a…
October 2025 Patch Tuesday: Two Publicly Disclosed, Three Zero-Days, and Eight Critical Vulnerabilities Among 172 CVEs
Microsoft has addressed 172 vulnerabilities in its October 2025 security update release, marking the highest number of vulnerabilities patched…
CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience…
CISA Emergency Alert: Critical Adobe AEM Flaw (CVE-2025-54253, CVSS 10.0) Under Active Exploitation
The Cybersecurity and Infrastructure Agency (CISA) has added a critical Adobe Experience Manager (AEM) to its Known Exploited (KEV) Catalog,…
Last Windows 10 Patch Tuesday Features Six Zero Days
It’s set to be a busy October for system administrators after Microsoft issued security updates to fix 172 vulnerabilities including six…
Windows Remote Access Connection Manager 0-Day Vulnerability Exploited in Attacks
Microsoft has confirmed active exploitation of a critical zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan)…
Critical RCE Flaws CVE-2025-48983 & CVE-2025-48984 (CVSS 9.9) Found in Veeam Backup & Replication
Veeam Software has released patches addressing three newly disclosed , including two critical Remote Code Execution (RCE) in Veeam Backup…
FortiOS CLI Command Bypass Vulnerability Let Attacker Execute System Commands
Fortinet disclosed a high-severity vulnerability in its FortiOS operating system on October 14, 2025, that could enable local authenticated…
Microsoft October 2025 Patch Tuesday – 4 Zero-days and 172 Vulnerabilities Patched
Microsoft rolled out its October 2025 Patch Tuesday updates, addressing a staggering 172 vulnerabilities across its ecosystem, including four…
Oracles silently fixes zero-day exploit leaked by ShinyHunters
Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a…
CVE Deep Dive : CVE-2025–32463
Sudo “Chroot to Root” — Critical Library Loading Privilege EscalationPublished : Sept 23, 2025 | by : OptPress enter or…
New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions
Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal…
Oracle releases emergency patch for new E-Business Suite flaw
Oracle has issued an emergency security update over the weekend to patch another E-Business Suite (EBS) vulnerability that can be exploited…
Two 7-Zip Flaws Allow Code Execution via Malicious ZIP Files (CVE-2025-11001 & CVE-2025-11002)
The Zero Day Initiative (ZDI) has published details of two critical in the popular open-source compression utility 7-Zip, which could allow…
Micropatches Released for Windows Storage Spoofing Vulnerability (CVE-2025-49760)
July 2025 Windows Updates brought a patch for CVE-2025-49760, a local privilege escalation vulnerability allowing a local unprivileged…
Critical AWS ClientVPN for macOS Vulnerability Let Attackers Escalate Privileges
A critical flaw in the AWS Client VPN for macOS has been disclosed, presenting a local privilege escalation risk to non-administrator…
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol…
PoC Exploit Released for Critical Lua Engine Vulnerabilities
Three newly disclosed vulnerabilities have been identified in the Lua scripting engine of Redis 7.4.5, each presenting severe risks of remote…
Critical Nagios Flaw CVE-2025-44823 (CVSS 9.9) Leaks Plaintext Admin API Keys, PoC Available
researchers have identified two critical in Nagios Log Server, the enterprise log management solution widely used for centralized logging,…
Zimbra XSS Zero-Day (CVE-2025-27915) Actively Exploited; CISA Adds to KEV Catalog
A cross-site scripting (XSS) in Synacor Zimbra Collaboration Suite (ZCS) — tracked as CVE-2025-27915 — has been confirmed to be…
OpenSSH Flaw (CVE-2025-61984) Allows Remote Code Execution via Usernames
researcher David Leadbeater has disclosed a in OpenSSH, identified as CVE-2025-61984, which highlights how even minor quirks in command-line…
Chrome 141 Stable Fixes Two High-Severity Flaws: Heap Overflow in Sync and UAF in Storage
Google has released a new Stable Channel update for Chrome 141.0.7390.65/.66 on Windows and macOS and 141.0.7390.65 for Linux, addressing…
Clop exploited Oracle zero-day for data theft since early August
The Clop ransomware gang has been exploiting a critical Oracle E-Business Suite (EBS) zero-day bug in data theft attacks since at least early…