SolarWinds fixes critical Web Help Desk RCE vulnerability (CVE-2025-26399)
SolarWinds has fixed yet another unauthenticated remote code execution vulnerability (CVE-2025-26399) in Web Help Desk (WHD), its popular…
Libraesva ESG zero-day vulnerability exploited by attackers (CVE-2025-59689)
Suspected state-sponsored attackers have exploited a zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway (ESG),…
How One Bad Password Ended a 158-Year-Old Business
Most businesses don't make it past their fifth birthday - studies show that roughly 50% of small businesses fail within the first five years.…
Google Chrome Patches Three High-Severity Flaws in V8 Engine
Google has released a Stable Channel Update for Desktop with builds 140.0.7339.207/.208 for Windows and Mac and 140.0.7339.207 for Linux. The…
Third time's the charm? SolarWinds (again) patches critical Web Help Desk RCE
SolarWinds on Tuesday released a hotfix - again - for a critical, 9.8-severity flaw in its Web Help Desk IT ticketing software that could…
SolarWinds releases third patch to fix Web Help Desk RCE bug
SolarWinds has released a hotfix for a critical a critical vulnerability in Web Help Desk that allows remote code execution (RCE) without…
SonicWall releases SMA100 firmware update to wipe rootkit malware
SonicWall has released a firmware update that can help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices.…
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw
SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that, if successfully exploited,…
CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk Hit by Critical RCE Vulnerability
SolarWinds has released a hotfix for its Web Help Desk (WHD) software after the discovery of a critical remote code execution (RCE)…
CVE-2025-59689: Libraesva ESG Command Injection Flaw Exploited in the Wild
Libraesva has released an urgent security advisory addressing a command injection vulnerability (CVE-2025-59689) in its Email Security Gateway…
Chrome Type Confusion 0-Day Vulnerability Code Analysis Released
Google Chrome’s V8 JavaScript engine has been compromised by a critical type confusion zero-day vulnerability, designated…
Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More
The security landscape now moves at a pace no patch cycle can match. Attackers aren't waiting for quarterly updates or monthly…
Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035)
If you’re running Fortra’s GoAnywhere managed file transfer solution and you haven’t updated to the latest available version…
Week in review: Chrome 0-day fixed, npm supply chain attack, LinkedIn data used for AI
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Most enterprise AI use is…
Why “Time to Patch” Is the Cybersecurity KPI That Matters Most
The way your organization manages its risk tolerance and regulatory factors are key performance indicators (KPIs) for assessing your…
GoAnywhere MFT Hit By Perfect 10 RCE
IntroductionOn September 18, 2025, Fortra dropped urgent security advisories for users of their flagship GoAnywhere Managed File Transfer…
Top Zero-Day Vulnerabilities Exploited in the Wild in 2025
The cybersecurity landscape in 2025 has been marked by an unprecedented surge in zero-day vulnerabilities actively exploited by threat actors.…
How the U.S. Can Strengthen Its Cyber Defenses Against Nation-State Threats
The American power grid is not just the backbone of modern life. It’s a high-value target in our new era of geopolitical conflict. As…
Ding ding: Fortra rings the perfect-10 bell over latest GoAnywhere MFT bug
Budding ransomware crooks have another shot at exploiting Fortra's GoAnywhere MFT product now that a new 10/10 severity vulnerability needs…
Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet
Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT's License Servlet that can be exploited in…
Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability
Fortra has disclosed details of a critical security flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution…
CISA Warns of Malicious Listener Malware Exploiting Ivanti Endpoint Manager Mobile
The Cybersecurity and Infrastructure Security Agency (CISA) has published a new Malware Analysis Report (MAR) detailing how threat actors are…
Google pushes emergency patch for Chrome 0-day – check your browser version now
Google pushed an emergency patch for a high-severity Chrome flaw, already under active exploitation. So it's time to make sure you're running…
Palo Alto Networks Acknowledges SquareX Research on Limitations of SWGs Against Last Mile Reassembly Attacks
Palo Alto, California, September 18th, 2025, CyberNewsWire SquareX first discovered and disclosed Last Mile Reassembly attacks at DEF CON 32…
SonicWall Discloses Compromise of Cloud Backup Service
Cybersecurity vendor SonicWall has disclosed a security incident affecting its cloud backup service for firewalls. An investigation found that…
Google fixes actively exploited Chrome zero-day vulnerability (CVE-2025-10585)
Google has released a security update for the Chrome stable channel to fix a zero‑day vulnerability (CVE-2025-10585) reported by its…
Google patches sixth Chrome zero-day exploited in attacks this year
Google has released emergency security updates to patch a Chrome zero-day vulnerability, the sixth one tagged as exploited in attacks since…
Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions
Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been…
Chrome Emergency Update: Zero-Day (CVE-2025-10585) in V8 Exploited in the Wild
Google has released a Stable Channel update to version 140.0.7339.185/.186 for Windows and Mac, and 140.0.7339.185 for Linux, addressing four…
SonicWall warns customers to reset credentials after breach
SonicWall warned customers today to reset credentials after their firewall configuration backup files were exposed in a security breach that…
CVE-2025-43300: Apple’s Critical Zero-Day ImageIO Vulnerability
IntroductionSecurity researchers and Apple users alike are on high alert following the discovery and active exploitation of…
Apple Fixes 0-Day Vulnerabilities in Older version of iPhones and iPad
Apple has released iOS 16.7.12 and iPadOS 16.7.12 on September 15, 2025, delivering critical security updates to older-generation…
Apple 0-day likely used in spy attacks affected devices as old as iPhone 8
Apple backported a fix to older iPhones and iPads for a serious bug it patched last month – but only after it may have been exploited in…
Ransomware attackers used incorrectly stored recovery codes to disable EDR agents
All target organizations are different, but ransomware attackers are highly adaptive and appreciate – and will exploit – any…
Apple backports zero-day patches to older iPhones and iPads
Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that…
Securing Linux Systems in the Age of AI: Unified Security Strategies for Modern Enterprises
Introduction In the rapidly evolving landscape of cybersecurity, the integration of Artificial Intelligence (AI) has emerged as a…
⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
In a world where threats are persistent, the modern CISO's real job isn't just to secure technology—it's to preserve institutional trust…
Samsung Zero-Day Exploit CVE-2025-21043 Patched After Active Attacks on Android Devices
Samsung has released security updates to patch a critical zero-day vulnerability actively exploited against Android devices. Tracked as…
PoC Available: FlowiseAI Flaw (CVE-2025-58434) Allows Full Account Takeover (CVSS 9.8)
The open-source generative AI development platform FlowiseAI, widely used for building AI agents and LLM workflows, has been found vulnerable…
Samsung Fixes Image Parsing Vulnerability Exploited in Android Attacks
Samsung has patched a serious security vulnerability that hackers were already using in live attacks against its Android devices. The issue,…
Google Chrome Patches Critical Security Flaws in September 2025 Update
In early September 2025, Google released an important security update for its Chrome browser—version 140.0.7339.127—to patch two…
Samsung fixes Android 0-day that may have been used to spy on WhatsApp messages
Samsung has fixed a critical flaw that affects its Android devices - but not before attackers found and exploited the bug, which could allow…