Zero-Day

Cloudflare Zero-Day Vulnerability Allows Any Host Access by Bypassing Security Protections

Security researchers have disclosed a critical zero-day flaw in Cloudflare’s Web Application Firewall that allowed attackers to bypass security rules and directly access origin servers that were supposed to be fully protected. The issue was identified by researchers from FearsOff, who discovered that HTTP requests sent to the /.well-known/acme-challenge/ path could reach backend servers even when customers […]

Cloudflare Zero-Day Vulnerability Allows Any Host Access by Bypassing Security Protections Read More »

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco has released security updates to address a critical remote code execution vulnerability affecting Cisco AsyncOS Software used in Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The patches arrive nearly one month after Cisco confirmed that the flaw was actively exploited as a zero day by a China linked advanced persistent

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways Read More »

China-Linked Hackers Exploit VMware ESXi Zero-Day Flaws to Escape Virtual Machines

Chinese-speaking threat actors are believed to have abused a compromised SonicWall VPN appliance to gain initial access and deploy a sophisticated VMware ESXi virtual machine escape exploit. According to cybersecurity firm Huntress, the exploit may have been under development as early as February 2024. Huntress detected the malicious activity in December 2025 and successfully disrupted

China-Linked Hackers Exploit VMware ESXi Zero-Day Flaws to Escape Virtual Machines Read More »

React2Shell Exploitation Escalates into Large Scale Global Attacks, Triggering Emergency Mitigation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive to federal agencies, calling for immediate patching of a critical React vulnerability amid escalating global exploitation. Agencies have now been instructed to apply fixes by December 12, 2025, underscoring the growing severity of the threat. The flaw, tracked as CVE-2025-55182 with a

React2Shell Exploitation Escalates into Large Scale Global Attacks, Triggering Emergency Mitigation Read More »

Unpatched Gogs Zero Day Actively Exploited Across More Than 700 Instances

A newly discovered and unpatched security vulnerability in Gogs is being actively exploited in the wild, with more than 700 compromised instances currently accessible over the internet. The findings were disclosed by Wiz following an investigation into a real world malware incident. The vulnerability, tracked as CVE-2025-8110 with a CVSS score of 8.7, affects the

Unpatched Gogs Zero Day Actively Exploited Across More Than 700 Instances Read More »

Critical React2Shell Flaw Added to CISA KEV After Active Exploitation Confirmed

The United States Cybersecurity and Infrastructure Security Agency  (CISA) has officially added a severe security flaw in React Server Components to its Known Exploited Vulnerabilities (KEV) catalog following confirmed exploitation attempts in live environments. React2Shell Classified as a Maximum Severity Threat The vulnerability is tracked as CVE-2025-55182 with a CVSS score of 10.0. It involves a remote

Critical React2Shell Flaw Added to CISA KEV After Active Exploitation Confirmed Read More »

Zero Click Agentic Browser Attack Can Wipe Entire Google Drive Through Crafted Emails

A new agent based browser attack has been discovered in Perplexity’s Comet browser, and researchers from Straiker STAR Labs warn that it can turn a harmless looking email into a destructive command that erases all files stored in a user’s Google Drive account. The method is known as the Zero Click Google Drive Wiper technique.

Zero Click Agentic Browser Attack Can Wipe Entire Google Drive Through Crafted Emails Read More »

Chinese Hackers Begin Exploiting the Newly Revealed React2Shell Vulnerability

Two China linked hacking groups have started weaponizing the newly revealed React Server Components vulnerability within hours of its public disclosure. The security flaw, tracked as CVE-2025-55182 with a maximum CVSS score of 10.0, allows unauthenticated remote code execution and has been patched in React versions 19.0.1, 19.1.2, and 19.2.1. AWS Detects Rapid Exploitation Attempts

Chinese Hackers Begin Exploiting the Newly Revealed React2Shell Vulnerability Read More »

Intellexa Leaks Expose Zero Days and Ads Based Delivery Method for Predator Spyware

A human rights lawyer in Pakistan’s Balochistan province received a suspicious WhatsApp link from an unknown sender, marking the first known case of a civil society member in Pakistan being targeted by Intellexa’s Predator spyware, according to Amnesty International. The link, Amnesty noted, is consistent with a “Predator attack attempt,” based on the technical behavior

Intellexa Leaks Expose Zero Days and Ads Based Delivery Method for Predator Spyware Read More »

CISA Alerts on a Critical Oracle Identity Manager Zero Day Vulnerability That Is Being Actively Exploited

The United States Cybersecurity and Infrastructure Security Agency (CISA) has added a newly discovered critical flaw in Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog. The agency confirmed that the vulnerability is currently being exploited in real world attacks. The flaw is tracked as CVE 2025 61757 with a CVSS score of 9.8.

CISA Alerts on a Critical Oracle Identity Manager Zero Day Vulnerability That Is Being Actively Exploited Read More »