SecurityWeek

Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure

Analysis of a recent attack targeting VMware ESXi vulnerabilities from March 2025 revealed an exploit developed a year before ...
Dark Reading

Apache Tomcat RCE Vulnerability Under Fire With 2-Step Exploit

A vulnerability found in Apache Tomcat, tracked as CVE-2025-24813, is being actively exploited in the wild. The remote code execution (RCE) bug allows attackers to take over servers using a PUT API ...
TechRepublic

Threat Actors Are Exploiting Vulnerabilities Faster Than Ever

New research by cybersecurity firm Mandiant provides eyebrow-raising statistics on the exploitation of vulnerabilities by attackers, based on an analysis of 138 different exploited vulnerabilities ...
Crowdfund Insider

Major DeFi Vulnerability Exposed: $26.44 Million Stolen from Truebit Protocol

In a significant blow to the nascent decentralized computing space, the Truebit Protocol fell victim to a sophisticated smart contract exploit.
Hosted on MSN

Thousands of Axis Servers in U.S. Exposed to Vulnerability Exploits

In today’s digital age, safeguarding sensitive information is of paramount importance to both individuals and businesses. However, recent developments indicate a significant breach in the security of ...
komonews

Hackers using vulnerability on Microsoft SharePoint servers to attack businesses, agencies

NEW YORK — Microsoft has issued an emergency fix to close off a vulnerability in Microsoft’s widely-used SharePoint software that hackers have exploited to carry out widespread attacks on businesses ...
Dark Reading

Decade-Old Cisco Vulnerability Under Active Exploit

Cisco is warning customers of a security vulnerability impacting its Adaptive Security Appliance (ASA) that is actively being exploited by threat actors. The bug, tracked as CVE-2014-2120 and a decade ...
WeLiveSecurity

RomCom exploits Firefox and Windows zero days in the wild

ESET researchers discovered a previously unknown vulnerability in Mozilla products, exploited in the wild by Russia-aligned group RomCom. This is at least the second time that RomCom has been caught ...
CSOonline

Gen AI is transforming vulnerability hunting for pen-testers and attackers alike

To discover this vulnerability, Kubecka instructed her custom GPT to analyze the patch for a known Zimbra flaw, providing the model with the code changes between the vulnerable and patched versions, ...
Bleeping Computer

Oracle silently fixes zero-day exploit leaked by ShinyHunters

Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters ...
CSOonline

CISOs advised to rethink vulnerability management as exploits sharply rise

Surge in vulnerabilities and exploits leaving overloaded security teams with little recourse but to embrace risk-based approaches to patching what they can. Enterprise attack surfaces continue to ...