Category: Exploit
-
CISA Warns of Apple Vulnerabilities Linked to DarkSword iOS Exploit Chain Exploited in Attacks
CISA Warns of Apple Vulnerabilities Linked to DarkSword iOS Exploit Chain Exploited in Attacks An urgent warning regarding three critical Apple vulnerabilities that threat actors are actively exploiting in the wild. These security flaws, officially tracked as CVE-2025-31277, CVE-2025-43510, and CVE-2025-43520, were recently added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. Security researchers have linked…
-
CISA Warns of Zimbra Collaboration Suite Vulnerability Exploited in Attacks
CISA Warns of Zimbra Collaboration Suite Vulnerability Exploited in Attacks CISA has added a high-severity vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-66376, this security flaw is currently facing active exploitation in the wild. Organizations utilizing Zimbra must urgently prioritize remediation to prevent unauthorized access and…
-
CISA Warns of Chrome 0-Day Vulnerabilities Exploited in Attacks
CISA Warns of Chrome 0-Day Vulnerabilities Exploited in Attacks An urgent warning regarding two highly critical zero-day vulnerabilities affecting Google Chrome and related products. These flaws have been officially added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, indicating that malicious hackers are actively exploiting them in the wild. With the deadline for federal agencies to…
-
Google Confirms 90 Zero-Day Vulnerabilities Actively Exploited in 2025
Google Confirms 90 Zero-Day Vulnerabilities Actively Exploited in 2025 The Google Threat Intelligence Group (GTIG) released its annual analysis, confirming that 90 zero-day vulnerabilities were actively exploited in the wild throughout 2025. While this marks a slight decrease from the record 100 zero-days in 2023, it represents a noticeable increase from 2024’s total of 78.…
-
Smashing Security podcast #457: How a cybersecurity boss framed his own employee
Smashing Security podcast #457: How a cybersecurity boss framed his own employee When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker… who promptly sent an innocent colleague into a career-ending ambush. In this…
-
Critical BeyondTrust Vulnerability Exploited in the Wild to Gain Full Domain Control
Critical BeyondTrust Vulnerability Exploited in the Wild to Gain Full Domain Control A critical vulnerability tracked as CVE-2026-1731 is being actively exploited in the wild, enabling attackers to gain full domain control over affected systems. Threat actors are leveraging this flaw to execute operating system commands remotely without authentication. The flaw, discovered in self-hosted BeyondTrust deployments, allows unauthenticated…
-
Critical FortiGate Devices SSO Vulnerabilities Actively Exploited in the Wild
Critical FortiGate Devices SSO Vulnerabilities Actively Exploited in the Wild An active intrusion is targeting critical authentication bypass vulnerabilities in Fortinet’s FortiGate appliances and related products. Threat actors are exploiting CVE-2025-59718 and CVE-2025-59719 to perform unauthenticated single sign-on (SSO) logins via malicious SAML messages, granting attackers administrative access. Fortinet disclosed the flaws in a PSIRT…
-
CISA Adds Sierra Router Vulnerability to KEV Catalogue Following Active Exploitation
CISA Adds Sierra Router Vulnerability to KEV Catalogue Following Active Exploitation A critical vulnerability affecting Sierra Wireless routers has been added to its Known Exploited Vulnerabilities (KEV) catalog. This decision comes after evidence emerged that the flaw is being actively exploited in the wild. Posing significant risks to organizations that still utilize these legacy devices.…
-
CISA Warns of Windows Cloud Files Mini Filter 0-Day Vulnerability Exploited in Attacks
CISA Warns of Windows Cloud Files Mini Filter 0-Day Vulnerability Exploited in Attacks A critical alert regarding an active zero-day vulnerability affecting the Microsoft Windows Cloud Files Mini Filter Driver. The vulnerability poses a significant risk to organizations running affected Windows systems and requires immediate remediation efforts. CISA reports that the vulnerability, tracked as CVE-2025-62221,…