Security Intelligence

WhatsApp vulnerability exploited in targeted zero-click attacks

Learn about CVE-2025-55177, a WhatsApp zero-click flaw added to CISA’s KEV catalog. See its impact on iOS and Mac users...

Security Intelligence

Sitecore vulnerabilities chained into pre-auth remote code execution

Researchers detail critical Sitecore flaws enabling remote code execution. Enterprises urged to patch immediately.

Security Intelligence

Threat actors target Salesforce instances via Salesloft Drift integration

Google warns of OAuth token abuse in Drift-Salesforce integrations, with attackers exfiltrating AWS keys, Snowflake...

Security Intelligence

Sangoma FreePBX warns of active exploitation of unpatched vulnerability

Sangoma warns of active FreePBX zero-day exploits. Restrict ACP access, apply EDGE update, and monitor for patches to...

Security Intelligence

Citrix’s August NetScaler patches include actively exploited zero-day

Citrix patches critical NetScaler ADC & Gateway flaws, including an exploited zero-day. Admins urged to update on-prem...

Security Intelligence

CISA confirms active exploitation of Git vulnerability

CISA adds Git CVE-2025-48384 to KEV list. Actively exploited flaw risks supply chain attacks on macOS/Linux. Patch Git...

Security Intelligence

PolarEdge: The evolution of persistent residential proxy infrastructure

PolarEdge botnet grows to 40,000+ IoT and edge devices, exploiting routers and firewalls to build stealthy residential...

Security Intelligence

Warlock ransomware: Opportunistic campaigns with strategic implications

Warlock, a newly emerged ransomware family, is at the center of a high-impact cyberattack campaign affecting the...

Security Intelligence

Commvault vulnerabilities chained into pre-auth RCE

Commvault patches four flaws in on-prem systems; researchers release exploit chains that risk RCE, data theft, and...

Security Intelligence

New attack method weaponizes privileged browser extensions

New DEF CON 33 research reveals DOM-based extension clickjacking—an attack exploiting browser extensions like password...

Security Intelligence

New exploit chains known SAP NetWeaver flaws

New SAP NetWeaver exploit chains CVE-2025-31324 & CVE-2025-42999, enabling stealthy system compromise. Learn defense...

Security Intelligence

Fortinet FortiWeb authentication bypass: Exploit release pending

Fortinet patches FortiWeb flaw CVE-2025-52970 (FortMajeure). Public exploit release looms—organizations urged to patch...