Vulnerabilities

Fortinet, Ivanti, and SAP Release Urgent Fixes for Authentication and Code Execution Vulnerabilities

Security teams across multiple industries are racing to deploy urgent updates after Fortinet, Ivanti, and SAP released patches for high-risk vulnerabilities that could allow attackers to bypass authentication controls or execute malicious code. The newly disclosed flaws are considered especially dangerous because of their potential to provide remote, unauthenticated access to critical systems at […]

Sneeit WordPress RCE Exploited in the Wild, and ICTBroadcast Bug Powering Frost Botnet Attacks

A severe security weakness found in the Sneeit Framework plugin for WordPress is currently being abused across live sites, based on information shared by Wordfence. The flaw, tracked as CVE-2025-6389 with a CVSS rating of 9.8, affects every version up to 8.3. Developers fixed the issue in version 8.4 released on August 5, 2025. The

Researchers Find More Than 30 Flaws in AI Coding Tools Allowing Data Theft and RCE Attacks

Security analysts have uncovered more than 30 vulnerabilities across several artificial intelligence powered Integrated Development Environments that blend prompt injection weaknesses with trusted development features. These issues enable information theft and remote code execution. The combined flaws have been named IDEsaster by security researcher Ari Marzouk, also known as MaccariTA. The findings affect a wide

Critical React2Shell Flaw Added to CISA KEV After Active Exploitation Confirmed

The United States Cybersecurity and Infrastructure Security Agency (CISA) has officially added a severe security flaw in React Server Components to its Known Exploited Vulnerabilities (KEV) catalog following confirmed exploitation attempts in live environments.

React2Shell Classified as a Maximum Severity Threat

The vulnerability is tracked as CVE-2025-55182 with a CVSS score of 10.0. It involves a remote

Zero Click Agentic Browser Attack Can Wipe Entire Google Drive Through Crafted Emails

A new agent-based browser attack has been discovered in Perplexity’s Comet browser, and researchers from Straiker STAR Labs warn that it can turn a harmless-looking email into a destructive command that erases all files stored in a user’s Google Drive account. The method is known as the Zero Click Google Drive Wiper technique.

JPCERT Confirms Active Command Injection Attacks Targeting Array AG Gateways

JPCERT/CC has confirmed that a command injection vulnerability in Array Networks AG Series secure access gateways has been actively exploited since August 2025. The alert, released this week, warns organizations to take immediate protective measures. The vulnerability, which has not yet received a CVE identifier, was addressed by Array Networks on May 11, 2025. It

Critical RSC Bugs in React and Next.js Enable Unauthenticated Remote Code Execution

A newly disclosed maximum severity vulnerability in React Server Components has raised significant alarm across the web development ecosystem. The flaw, assigned CVE-2025-55182 and nicknamed React2Shell, allows attackers to execute code remotely without authentication simply by sending a specially crafted request to a Server Function endpoint.

Nature of the Vulnerability

The React Team stated that

Microsoft Quietly Fixes Windows LNK Flaw After Years of Active Exploitation

Microsoft has rolled out a silent fix for a Windows Shortcut (LNK) vulnerability that has been under active exploitation since 2017. The update was released as part of the company’s November 2025 Patch Tuesday batch, according to details published by ACROS Security’s 0patch team.

Background of the Vulnerability

The flaw, tracked as CVE-2025-9491 and rated

Picklescan Bugs Let Malicious PyTorch Models Bypass Scans and Run Unauthorized Code

A set of three serious vulnerabilities has been uncovered in Picklescan, an open-source security tool created by Matthieu Maitre that is designed to inspect Python pickle files and detect dangerous behavior before any code is executed. These flaws make it possible for attackers to hide harmful commands inside PyTorch models and completely bypass the scanner, posing

Active Attacks on WordPress King Addons Flaw Allow Hackers to Create Admin Accounts

A severe security vulnerability affecting the King Addons for Elementor WordPress plugin is currently under active exploitation. The flaw, tracked as CVE-2025-8489 with a CVSS score of 9.8, allows unauthenticated attackers to escalate their privileges by registering directly as administrators. The issue impacts all plugin versions from 24.12.92 up to 51.1.14. The maintainers issued a