Alert

Cybersecurity researchers have discovered a campaign exploiting a remote command execution vulnerability, CVE-2023-20118, in Cisco Small Business Routers. This vulnerability affects models RV016, RV042, RV042G, RV082, RV320, and RV325. The flaw in these devices is their web-based management interface, which has poor input validation. This allows unauthorized attackers to run …

CISA has added two critical vulnerabilities to its Known Exploited Vulnerabilities catalog, urging organizations to quickly patch their systems to prevent exploitation. New vulnerabilities, CVE-2023-34192 and CVE-2024-49035, affect popular platforms and pose serious risks to public and private sectors. CVE-2023-34192 is a high-severity Cross-Site Scripting (XSS) vulnerability in Zimbra Collaboration …

A new cyber campaign called GitVenom poses a serious risk to developers. Security researchers found over 200 fake GitHub repositories that disguise themselves as legitimate projects to distribute information stealers and remote access trojans (RATs). For almost two years, these repositories have exploited developers’ trust in open-source platforms to access …

CVE-2024-20953 is a vulnerability in Oracle Agile PLM, a product lifecycle management tool. With a CVSS score of 8.8, it allows low-privileged attackers with HTTP network access to exploit systems running version 9.3.6. This could result in complete system takeover, risking sensitive supply chain data and business operations. The vulnerability …

Security researchers have released a proof-of-concept exploit for CVE-2025-20029, a serious command injection vulnerability in F5’s BIG-IP application delivery controllers. The flaw has a CVSS v3.1 score of 8.8 and allows authenticated attackers to execute arbitrary system commands due to improper handling of special elements in the iControl REST API …

On February 21, the Australian Department of Home Affairs issued a directive prohibiting the installation of Kaspersky Lab products and services on all Australian government systems and devices. The directive under the protective security policy framework (PSPF) mandates federal entities to eliminate “all instances” of Kaspersky’s products. Home Affairs secretary …

CISA has added a serious security flaw in the Craft content management system (CMS) to its Known Exploited Vulnerabilities catalog due to evidence of active exploitation. The vulnerability CVE-2025-23209 (CVSS score: 8.1) affects Craft CMS versions 4 and 5. It was fixed by the maintainers in late December 2024 with …

The FBI and CISA reported on Wednesday that the ransomware group Ghost has been exploiting software and firmware vulnerabilities as recently as January. The group targets internet services with old, unpatched vulnerabilities that users could have addressed years ago. Cybersecurity researchers began alerting the public about the group in 2021. …

Palo Alto Networks has issued urgent warnings about threat actors to exploit vulnerabilities in PAN-OS, the operating system powering its next-generation firewalls. Coordinated attacks can exploit flaws in authentication and privilege escalation to gain unauthorized access to unpatched devices, threatening the security of enterprise networks. CVE-2025-0108 is a serious authentication …