Vulnerabilities

Critical WordPress Modular DS Plugin Vulnerability Actively Exploited to Gain Admin Access

Security researchers have confirmed active exploitation of a critical vulnerability affecting the Modular DS WordPress plugin, allowing attackers to gain administrator-level access without authentication. The issue has been disclosed by WordPress security firm Patchstack and is already being abused in real-world attacks. The vulnerability is tracked as CVE-2026-23550 and carries a maximum CVSS […]

Fortinet Patches Critical FortiSIEM Vulnerability Allowing Unauthenticated Remote Code Execution

Fortinet has released security updates to address a critical vulnerability in FortiSIEM that could allow unauthenticated attackers to execute arbitrary code on affected systems. The flaw poses a serious risk to organizations using vulnerable FortiSIEM deployments, particularly those with exposed management services. Vulnerability Overview The issue, tracked as CVE-2025-64155, carries a CVSS score of 9.4, indicating critical

ServiceNow Fixes Critical AI Platform Flaw Enabling Unauthenticated User Impersonation

ServiceNow has disclosed and patched a critical security vulnerability in its artificial intelligence platform that could have allowed unauthenticated attackers to impersonate legitimate users and perform actions on their behalf. The flaw, tracked as CVE-2025-12420 and rated 9.3 on the CVSS scale, affects components within the ServiceNow AI ecosystem. The vulnerability has been named BodySnatcher

CISA Alerts on Active Exploitation of Gogs Vulnerability Allowing Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of a serious security vulnerability affecting Gogs, a self-hosted Git service. The flaw has now been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, signaling confirmed real-world attacks. The vulnerability, tracked as CVE-2025-8110 with a CVSS score of 8.7, stems from a

Cisco Switches Affected by Reboot Loops Caused by DNS Client Bug

Several Cisco switch models are unexpectedly entering reboot loops after reporting critical DNS client errors, according to recent reports compiled by BleepingComputer. The issue appears to have started around 2 AM, when a firmware problem in the switches’ DNS client service began treating DNS lookup failures as fatal errors. This caused the affected switches to

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

Trend Micro has issued urgent security updates for multiple vulnerabilities affecting on-premise Windows deployments of Apex Central, including a critical flaw that could allow attackers to execute arbitrary code with elevated privileges. The most severe issue, tracked as CVE-2025-69258, has been assigned a CVSS score of 9.8, placing it among the highest-risk vulnerabilities. According to Trend

Cisco Patches ISE Security Flaw Following Public PoC Exploit Release

Cisco has issued updates to fix a medium-severity vulnerability affecting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), after a publicly available proof-of-concept (PoC) exploit was released. The flaw, tracked as CVE-2026-20029 with a CVSS score of 4.9, resides in the licensing functionality and could allow a remote, authenticated attacker with administrative

Coolify Reveals 11 Critical Vulnerabilities Allowing Full Server Compromise on Self-Hosted Instances

Security researchers have disclosed 11 high-impact security vulnerabilities affecting Coolify, an open-source self-hosting and application deployment platform. The flaws could allow attackers to bypass authentication controls and execute arbitrary commands, potentially resulting in complete server and infrastructure compromise on self-hosted instances. Overview of the Disclosed Vulnerabilities The identified issues primarily stem from command injection, improper

CISA Flags Microsoft Office and HPE OneView Vulnerabilities as Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security vulnerabilities affecting Microsoft Office and HPE OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence that the flaws are being actively abused by threat actors. The move highlights growing concerns about unpatched enterprise software being leveraged in real-world attacks. Vulnerabilities Added to KEV Catalog The following security

Ongoing Attacks Target Legacy D-Link DSL Routers via Critical RCE Vulnerability

Cybersecurity researchers have reported ongoing attacks exploiting a critical vulnerability in legacy D-Link DSL gateway routers. The flaw, tracked as CVE-2026-0625, has a CVSS score of 9.3 and enables unauthenticated remote attackers to execute arbitrary code on affected devices. Command Injection in DNS Configuration Endpoint The vulnerability stems from improper sanitization of user-supplied DNS parameters in the dnscfg.cgi endpoint. Exploitation allows
