We are seeing exploitation of SolarWinds Web Help Desk via CVE‑2025‑40551 and CVE‑2025‑40536 that can lead to domain ...

CVE-2026-21962 is a critical (CVSS 10.0) vulnerability in the Oracle HTTP Server and the WebLogic Server Proxy Plug-in for Apache HTTP Server and Microsoft IIS. An unauthenticated attacker with HTTP ...

Cybersecurity investigators have identified a new cyberattack campaign connected to the Russia-linked hacking group APT28, ...

Microsoft released out-of-band patches for an actively exploited Microsoft Office zero-day, CVE-2026-21509, a security ...

A decade-old critical security vulnerability affects over 800,000 internet-exposed telnet servers, with reports of active ...

CVE funding gets last-minute funding reprieve A MITRE head told CVE board members that government funding is about to expire Some have called the move "reckless and ignorant" US government funding for ...

Critical n8n v CVE-2026-25049 allows authenticated workflow abuse to execute system commands and expose server data.

A last-minute reprieve from the U.S. Department of Homeland Security looks to have spared the Common Vulnerabilities and Exposures program for now. "The CVE program is invaluable to the cyber ...

Another round of critical Web Help Desk flaws highlights how SolarWinds’ legacy code and past breaches continue to haunt IT ...

Patch Synology NAS now, a 9.8 flaw allows root by one command, and DSM 7.3.2 Update 1 blocks it for safer access.

Cybersecurity company FuzzingLabs has accused the Y Combinator-backed startup, Gecko Security, of replicating its vulnerability disclosures and backdating blog posts. According to the company, Gecko ...

Advanced application security testing startup Detectify AB today announced the launch of Alfred, a new system that uses artificial intelligence to autonomously source, prioritize and generate ...