PT-2025-48348

🔍 𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐕𝐄 𝐛𝐫𝐞𝐚𝐤𝐝𝐨𝐰𝐧 𝐚𝐯𝐚𝐢𝐥𝐚𝐛𝐥𝐞 𝐧𝐨𝐰! Oracle CVE-2024-21854 is under active attack even after being patched. Learn why patch delays are dangerous and how to stay secure. 🌐 Explore the write-up → https://t.co/YSCfFvYLPP Join the discussion and tell us what you think!...

Attackers Actively Exploiting Critical Vulnerability in WP Freeio Plugin

On September 25th, 2025, we received a submission for a Privilege Escalation vulnerability in WP Freeio, a WordPress plugin bundled in the Freeio premium theme with more than 1,700 sales. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative...

Active Sybil Attack and Efficient Defense Strategy in IPFS DHT

The InterPlanetary File System IPFS is a decentralized peer-to-peer P2P storage that relies on Kademlia, a Distributed Hash Table DHT structure commonly used in P2P systems for its proved scalability. However, DHTs are known to be vulnerable to Sybil attacks, in which a single entity controls...

PT-2024-16374 · WordPress · Chartify

Name of the Vulnerable Software and Affected Versions: The Chartify – WordPress Chart Plugin versions up to, and including, 2.9.5 Description: The issue is related to Local File Inclusion, allowing unauthenticated attackers to include and execute arbitrary files on the server via the source...

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack

Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance ASA that could lead to a denial-of-service DoS condition. The vulnerability, tracked as CVE-2024-20481 CVSS score: 5.8, affects the Remote Access VPN RAVPN service of...

CVE-2024-45165

An issue was discovered in UCI IDOL 2 aka uciIDOL or IDOL2 through 2.12. Data is sent between client and server with encryption. However, the key is derived from the string "c2007 UCI Software GmbH B.Boll" without quotes. The key is both static and hardcoded. With access to messages, this results...

SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately

A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 CVSS score: 8.6, concerns a directory transversal bug that could allow attackers to read sensitive fil...

Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included

Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active exploitation in the wild. Of the 149 flaws, three are rated Critical, 142 are rated Important, three are rated Moderate, and one is rated Low in severity. The...

PT-2024-33222 · Fortinet · Forticlientems

Name of the Vulnerable Software and Affected Versions: FortiClient EMS versions prior to the fixed version YESCAM com.yescom.YesCam.zwave version 1.0.2 Description: The issue allows a remote attacker to obtain sensitive information via the firmware update process or execute arbitrary code with...

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 CVSS score: 9.8, enables unauthenticated attackers to achieve remote code execution. It impacts all...

Ivanti patches second zero-day vulnerability being used in attacks

Ivanti has issued a patch to address a second critical zero-day vulnerability that is under active attack. The vulnerability is said to be used in combination with the first vulnerability we discussed some days ago. The Cybersecurity and Infrastructure Security Agency CISA has added the new...

3CX Desktop App Supply Chain Attack Leaves Millions at Risk - Urgent Update on the Way!

3CX said it's working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that's using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream...

Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack

Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild. Eight of the 80 bugs are rated Critical, 71 are rated Important, and one is rated Moderate in severity. The updates are in...

Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild. Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity...

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

Cyber criminals, under the moniker Aquatic Panda, are the latest advanced persistent threat group APT to exploit the Log4Shell vulnerability. Researchers from CrowdStrike Falcon OverWatch recently disrupted the threat actors using Log4Shell exploit tools on a vulnerable VMware installation during...

Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack

Threat actors are actively weaponizing unpatched servers affected by the newly identified "Log4Shell" vulnerability in Log4j to install cryptocurrency miners, Cobalt Strike, and recruit the devices into a botnet, even as telemetry signs point to exploitation of the flaw nine days before it even...

Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites

An active attack against more than 1.6 million WordPress sites is underway, with researchers spotting tens of millions of attempts to exploit four different plugins and several Epsilon Framework themes. The goal, they said, is complete site takeover using administrative privileges. The scope of t...

Critical RCE Flaw in ForgeRock Access Manager Under Active Attack

Cybersecurity agencies in Australia and the U.S. are warning of an actively exploited vulnerability impacting ForgeRock's OpenAM access management solution that could be leveraged to execute arbitrary code on an affected system remotely. "The Australian Cyber Security Centre has observed actors...

Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online

A security vulnerability in Cisco Adaptive Security Appliance ASA that was addressed by the company last October, and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept PoC exploit code. The PoC was published by researchers from...

Chrome Browser Bug Under Active Attack

Google is warning that a bug in its Chrome web browser is actively under attack, and it is urging users to upgrade to the latest 91.0.4472.101 version to mitigate the issue. In all, Google rolled out fixes for 14 bugs impacting its Windows, Mac and Linux browsers as part of its June update to the...