Technology ❯ Software

Vulnerabilities

Zero-Day Exploits CVE Remote Code Execution Exploits Exploitation CVE Identifiers Denial of Service Malware Security Updates Aviation Software

Axios Posts Post-Mortem on npm Supply-Chain Attack After Maintainer Account Takeover

Maintainers describe a social-engineering breach that let an attacker ship trojanized releases.

Magento ‘PolyShell’ Exploited at Scale as New WebRTC Skimmer Bypasses Site Defenses

DarkSword iPhone Exploit Leaks on GitHub, Threatens Unpatched Devices

CISA Flags Cisco Firewall Zero-Day Exploited by Interlock, Sets March 22 Patch Deadline

CISA Adds Three Actively Exploited Flaws to KEV, Sets Fast Federal Patching Deadlines

Dell Patches RecoverPoint Zero-Day Exploited Since 2024 by Suspected China Group

Security Warning Links Massive DDoS to 'Kimwolf' Botnet of Android TVs

CISA Forces Three-Day Patch for Actively Exploited SolarWinds Web Help Desk Flaw

APT28 Exploits Newly Patched Microsoft Office Flaw in Targeted Campaigns

n8n Issues Fixes After JFrog Uncovers Sandbox Escapes Allowing Authenticated RCE

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog With Feb. 12 Remediation Deadline

Huntress Uncovers Pre-Disclosure ESXi VM-Escape Toolkit Used in December Intrusion

Veeam Ships Fixes for Critical Backup & Replication RCE, Urges Update to 13.0.1.1071

React2Shell Attacks Escalate as Microsoft Confirms Hundreds of Compromised Systems

ICO Fines LastPass £1.2 Million Over 2022 Breach Affecting 1.6 Million UK Users

Barts Health Seeks Court Order After Cl0p Posts Stolen NHS Invoice Files on Dark Web Site

Apple Podcasts Auto-Opens to Unwanted Shows, Raising Security Concerns

WrtHug Campaign Hijacks About 50,000 ASUS Routers Worldwide

Logitech Confirms Data Breach Tied to Third-Party Zero-Day Exploit

GlobalLogic Confirms Oracle EBS Breach Exposed Data on 10,471 Staff as Clop Campaign Widens