In-depth coverage of the latest Vulnerabilities & CVEs developments, trends, and analysis — curated daily.
Zero cellular IoT devices in Rapid7's tests had tamper protections. That's right—none. Attackers with a screwdriver can pivot straight to your cloud.
Q4 2025 was a vulnerability bloodbath. Attackers feasted on decade-old bugs while new ones piled up.
Hackers from Russia and China are still milking a patched WinRAR vulnerability, CVE-2025-8088, to sneak malware past defenses. It's a stark reminder: patches mean nothing if you don't apply them.
Just when Citrix fans breathed easy post-Bleed, CVE-2026-3055 rips open NetScaler memory via SAML setups. It's live in exploits, CISA-KEV listed, Metasploit-ready—history repeating fast.
Claude Mythos Preview dug up a 27-year-old OpenBSD flaw like it was yesterday's trash. Project Glasswing isn't hype—it's the radar pinging a storm defenders aren't ready for.
A trusted video conferencing tool turns traitor. In Operation TrueChaos, attackers hijacked TrueConf's update mechanism to slip malware into air-gapped government networks across Southeast Asia.
Attackers cracked a FortiGate firewall via CVE-2025-59718, bypassed SSO, and prowled silently inside. Responders caught them mid-lateral move—here's the raw playbook.
Forget the headlines about fewer browser hacks—your office router or firewall might be the real spy magnet this year. Google's zero-day count stabilized at 90, but enterprises now shoulder nearly half the pain.
Imagine trusting your workflows to n8n, only to find shared credentials handing attackers full control. This vuln exposes deep flaws in open-source automation.
A single HTTP request flips your React server into a hacker's playground. Google Threat Intel spots China-nexus groups dropping backdoors via CVE-2025-55182—React2Shell—just days after disclosure.
Dell RecoverPoint appliances got quietly owned by UNC6201 via a perfect-10 CVSS zero-day. Now they're deploying GRIMBOLT, a C# beast that's harder to spot than its predecessor.
Hidden APIs? Cute. AI agents find them in seconds. Your security by obscurity just got automated into oblivion.