Technology ❯ Cybersecurity ❯ Vulnerabilities

Exploits

CVE-2025-53770 CVE-2025-6558 Malware Patches CVE-2025-24085 Spyware Remote Access User Safety Privilege Escalation WebKit CVEs Patching CVE-2025-31200 CVE-2025-31201 Core Audio Vulnerability Security Fixes CoreAudio CVE-2025-10035 CVE-2025-6543 Information Disclosure WinRAR Microsoft Remote Attacks SIM Swapping Personal Information Spotlight Vulnerability CitrixBleed2 CVE-2025-5777 Microsoft SharePoint Sploitlight CVE Identifiers ImageIO Vulnerability SAP NetWeaver Memory Corruption CVE-2025-8875 and CVE-2025-8876 Unpatched Servers Apple Security Update Microsoft Flaw Apple Pixie Dust Samsung Samsung Galaxy CVE-2025-21043 Smart Contract Flaws CVE-2025-32463 CVE-2025-59489 Zero-Day Exploits CVE-2025-11412 Side Channel Attacks User Impact Rounding Errors Malicious Software CVE-2023-20198 Man-in-the-Middle Attacks Fortinet FortiWeb Zero-Day CVE-2025-21042 CVE-2025-12480 Heap Corruption WebKit Flaws CVE-2024-37085 React Server Components Mobile Devices Qualcomm Chips CVE-2024-43047 USB Restricted Mode Physical Access CVE-2025-24200 Security Flaws Zero-Day Attacks

Notarized MacSync Stealer Variant Bypasses Gatekeeper as Apple Revokes Signing Certificate

Researchers describe a shift toward signed installers that lower early detection for macOS infostealers.

Apple Limits Critical iPhone Fixes to iOS 26.2, Pressuring Users to Upgrade

Google Links More State Groups to React2Shell as Wallet-Draining Attacks Spread

Fortinet Confirms Critical FortiWeb Zero-Day Is Being Exploited as CISA Sets Nov. 21 Patch Deadline

Mandiant Says Hackers Exploit Triofox Flaw to Create Admin Accounts and Execute Code

CISA Orders Patch of Exploited Samsung Zero‑Day Used to Deliver LANDFALL Spyware

Balancer Blames $116.6 Million DeFi Heist on Rounding Bug in Swap Math

ASD Flags Ongoing BadCandy Re-Infections on Cisco IOS XE as 150+ Devices Remain Compromised

ToolShell SharePoint Exploits Spread Across Four Continents, Symantec Finds

Researchers Unveil 'Pixnapping' Android Attack That Steals On‑Screen Data in Seconds

Windows 10 Support Ends Tuesday as Microsoft Urges ESU Enrollment

Steam Blocks Risky Launches as Microsoft Urges Uninstalls After Unity Patches High-Severity Engine Flaw

CISA Flags Actively Exploited Sudo Flaw, Sets Oct. 20 Patch Deadline

Researchers Say GoAnywhere CVSS 10 Flaw Was Exploited as Zero-Day Before Disclosure

Decade-Old Pixie Dust Flaw Still Exposes WPS on Consumer Routers, NetRise Finds

Apple Backports ImageIO Zero‑Day Fix to Older iPhones and iPads

Samsung Issues Emergency Patch for Galaxy Zero-Day Exploited via Image Library

Apple Pushes Emergency iOS 18.6.2, iPadOS and macOS Updates to Patch Actively Exploited ImageIO Zero‑Day

Public Exploit Chains SAP NetWeaver Flaws for Admin-Level RCE

Cisco Talos Exposes UAT-7237 Cyberattacks on Taiwanese Web Infrastructure