Latest Security News

Security Updates

Latest security news and articles covering recent vulnerabilities and their impacts.

Researchers have released a PoC for CVE-2025-32756, a severe security flaw that is actively being exploited in Fortinet products…
Sean Heelan: > The vulnerability [o3] found is CVE-2025-37899 (fix [here](https://github.com/torvalds/linux/commit/2fc9feff45d92a92cd5f96487655d5be23fb7e2b)), a use-after-free in the handler for the SMB 'logoff' command. Understanding the vulnerability requir…
Canon has updated its January 2025 security advisory to include a newly identified critical vulnerability — CVE-2025-2146 — … The post Critical (CVSS 9.8): Canon Printers Vulnerable to Arbitrary Code Execution appeared first on Daily CyberSecurity.
BSA-124 Security Update for python-django
2025-05-26 00:50 Debian.org 1 CVE
Colin Watson uploaded new packages for python-django which fixed the following security problems: CVE-2025-32873 Denial-of-service possibility in strip_tags(). django.utils.html.strip_tags() would be slow to evaluate certain inputs containing large seque…
A recently disclosed vulnerability in WSO2 products, identified as CVE-2024-6914, poses a severe security threat to organizations using … The post Critical WSO2 Flaw: Unauthenticated Account Takeover Risk (CVSS 9.8) appeared first on Daily CyberSecurity.
A newly disclosed critical vulnerability in Sony’s SNC-series network cameras—tracked as CVE-2025-5124 with a CVSS score of 9.4—has … The post Sony Camera Hack (CVSS 9.4): Default Credential Flaw Risks Full Control (PoC) appeared first on Daily CyberSecurity.
A critical XSS vulnerability, CVE-2024-27443, in Zimbra Collaboration Suite’s CalendarInvite feature is actively being exploited, potentially by the…
CVE-2025-4427 and CVE-2025-4428 – the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti last week – are being leveraged by a Chinese cyber espionage group that has been exploiting…
A Chrome zero-day bug, CVE-2025-4664, exposes login tokens on Windows and Linux. Google has issued a fix; users should update immediately.
A Chinese threat actor, tracked as UAT-6382, exploited a patched Trimble Cityworks flaw to deploy Cobalt Strike and VShell. Cisco Talos researchers attribute the exploitation of the CVE-2025-0994 in Trimble Cityworks to Chinese-speaking threat actor UAT-6382,…
Print Security Warning: Canon Printers Exposed to Data Theft
2025-05-23 00:33 SecurityOnline.info 2 CVEs
Canon has issued a security advisory warning customers about two high-severity vulnerabilities—CVE-2025-3078 and CVE-2025-3079—that affect a range of … The post Print Security Warning: Canon Printers Exposed to Data Theft appeared first on Daily CyberSecurity.
A newly discovered zero-day vulnerability in Ivanti Endpoint Manager Mobile (EPMM) — CVE-2025-4428 — is being actively exploited … The post Ivanti EPMM Under Attack: Zero-Day RCE Exploited by China-Linked Group UNC5221 appeared first on Daily CyberSecurity.
DSA-5924-1 intel-microcode - security update
2025-05-23 00:00 Debian.org 1 CVE
This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the Indirect Target Selection (ITS) vulnerability (CVE-2024-28956) and the Branch Privilege Injection vulnerability (CVE-2024-45332). For CPUs aff…
A vulnerability discovered in Camaleon CMS allowed authenticated attackers to write files on the file system, which enabled them to execute remote code under certain conditions. The post CVE-2024-46986 – Arbitrary File Write in Camaleon CMS Leading to RCE appeared…
A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. "UAT-6382 successfully exploited CVE-2025-0944, conducted re…
Resolving a request smuggling vulnerability in Pingora
2025-05-22 13:00 Cloudflare.com 1 CVE
Cloudflare patched a vulnerability (CVE-2025-4366) in the Pingora OSS framework, which exposed users of the framework and Cloudflare CDN’s free tier to potential request smuggling attacks. After being notified, Cloudflare mitigated the issue within 22 hours.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2025-4632 Samsung MagicINFO 9 Server Path Traversal Vulnerability. These types of vulnerabilities…
Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader.
A critical vulnerability (CVE-2025-4322) in Motors, a WordPress theme popular with car/motor dealerships and rental services, can be easily exploited by unauthenticated attackers to take over admin accounts and gain full control over target WP-based sites. Th…
In a recent revelation, OP Innovate has uncovered early evidence of real-world exploitation of CVE-2025-31324 (CVSS 10), a … The post SAP NetWeaver RCE: Zero-Day Allows File Uploads, Qilin Ransomware Connection appeared first on Daily CyberSecurity.