Vulnerabilities

CISA Flags Actively Exploited Digiever NVR Vulnerability Enabling RCE

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active attacks. The flaw, identified as CVE-2023-52163 with a CVSS score of 8.8, allows post-authentication remote code execution through a command injection vulnerability. […]

CISA Flags Actively Exploited Digiever NVR Vulnerability Enabling RCE Read More »

Critical n8n Flaw with CVSS 9.9 Allows Arbitrary Code Execution Across Thousands of Instances

Cybersecurity researchers have revealed a highly severe security flaw in the n8n workflow automation platform that could allow attackers to execute arbitrary code on vulnerable systems under specific conditions. The vulnerability is tracked as CVE-2025-68613 and has received a CVSS score of 9.9, placing it among the most critical software flaws disclosed this year. The issue was identified

Critical n8n Flaw with CVSS 9.9 Allows Arbitrary Code Execution Across Thousands of Instances Read More »

WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability

WatchGuard has issued an urgent security advisory after confirming active exploitation of a critical vulnerability in its Fireware OS. The flaw affects VPN functionality and has already been observed being abused in real world attacks, prompting immediate patching recommendations for all affected customers. The vulnerability, tracked as CVE-2025-14733, carries a CVSS score of 9.3 and is

WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability Read More »

Cisco Warns of Active Attacks Exploiting Unpatched Zero Day in AsyncOS Email Security Appliances

Cisco has issued an urgent warning about an actively exploited zero day vulnerability affecting Cisco AsyncOS software. The flaw is being leveraged by a China aligned advanced persistent threat actor tracked as UAT 9686 in attacks against Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances. Cisco said it became aware of the

Cisco Warns of Active Attacks Exploiting Unpatched Zero Day in AsyncOS Email Security Appliances Read More »

HPE OneView Flaw CVSS 10.0 Enables Unauthenticated Remote Code Execution

Hewlett Packard Enterprise (HPE) has addressed a critical security vulnerability in its OneView software that, if exploited, could allow remote code execution without authentication. The flaw, tracked as CVE-2025-37164, carries a maximum CVSS score of 10.0, highlighting its severity. HPE OneView is an IT infrastructure management platform that provides centralized control over systems and operations

HPE OneView Flaw CVSS 10.0 Enables Unauthenticated Remote Code Execution Read More »

CISA Flags Critical ASUS Live Update Flaw Following Evidence of Active Exploitation

The United States Cybersecurity and Infrastructure Security Agency has added a critical security flaw affecting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog, citing confirmed evidence of active exploitation. The alert highlights renewed concerns around a long standing supply chain issue tied to the ASUS software ecosystem. The vulnerability, tracked as CVE-2025-59374 with a

CISA Flags Critical ASUS Live Update Flaw Following Evidence of Active Exploitation Read More »

SonicWall Patches Actively Exploited CVE-2025-40602 in SMA 100 Appliances

SonicWall has released security updates to address an actively exploited vulnerability affecting its Secure Mobile Access SMA 100 series appliances. The company confirmed that the flaw has been observed in real world attacks, prompting an urgent call for customers to apply the available fixes. The issue, tracked as CVE-2025-40602 with a CVSS score of 6.6,

SonicWall Patches Actively Exploited CVE-2025-40602 in SMA 100 Appliances Read More »

Fortinet FortiGate Under Active Attack via SAML SSO Authentication Bypass

Cybersecurity researchers have confirmed active attacks on Fortinet FortiGate devices exploiting two recently disclosed authentication vulnerabilities, less than a week after they were made public. Arctic Wolf, a cybersecurity firm, reported observing malicious single sign-on (SSO) login attempts on FortiGate appliances on December 12, 2025. The attacks target two critical authentication bypass flaws, tracked as

Fortinet FortiGate Under Active Attack via SAML SSO Authentication Bypass Read More »

FreePBX Fixes Critical SQL Injection, File Upload, and AUTHTYPE Bypass Flaws Leading to RCE

Cybersecurity researchers have revealed multiple serious security flaws in the open source PBX platform FreePBX, including issues that could allow attackers to bypass authentication and achieve remote code execution under specific configurations. The vulnerabilities were identified by researchers at Horizon3.ai and responsibly disclosed to the FreePBX maintainers on September 15, 2025. According to the findings,

FreePBX Fixes Critical SQL Injection, File Upload, and AUTHTYPE Bypass Flaws Leading to RCE Read More »

VolkLocker Ransomware Exposed After Hard Coded Master Key Enables Free Decryption

Cybersecurity researchers have exposed a critical design flaw in a new ransomware strain called VolkLocker, allowing victims to recover their files without paying a ransom. The malware is operated by the pro Russian hacktivist group CyberVolk, also known as GLORIAMIST, and is offered under a ransomware as a service model. The weakness lies in poor

VolkLocker Ransomware Exposed After Hard Coded Master Key Enables Free Decryption Read More »