"MongoBleed": Exploit for critical vulnerability in MongoDB makes attacks easier

Those responsible for a MongoDB instance cannot rest easy: an exploit for a critical vulnerability makes upgrades even more ...
Security Boulevard

Best of 2025: LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for ...

SafeBreach researchers developed a zero-click PoC exploit that crashes unpatched Windows Servers using the Windows ...
Dark Reading

Threat Actors Exploit Zero-Day in WatchGuard Firebox Devices

With attacks on the critical firewall vulnerability, WatchGuard joins a list of edge device vendors whose products have been ...
ZDNet

Exploit released for VMware vulnerability after CISA warning

According to experts tracking the issue, a working exploit for CVE-2021-22005 -- a vulnerability with VMware vCenter -- has been released and is reportedly being used by threat actors. A roundup of ...
Ars Technica

Attackers exploit 0-day vulnerability that gives full control of Android phones

Attackers are exploiting a zero-day vulnerability in Google’s Android mobile operating system that can give them full control of at least 18 different phone models, including four different Pixel ...
Ars Technica

Attackers exploit critical Zimbra vulnerability using cc’d email addresses

Attackers are actively exploiting a critical vulnerability in mail servers sold by Zimbra in an attempt to remotely execute malicious commands that install a backdoor, researchers warn. The ...
ZDNet

Automated exploit of critical SAP SolMan vulnerability detected in the wild

Automated probes for servers containing a severe vulnerability in SAP software have been detected a week after a working exploit was published online. The vulnerability, tracked as CVE-2020-6207, is a ...
Engadget

Google just patched the fifth zero-day exploit for Chrome this year

Google has released a security update for the Chrome browser to fix a zero-day vulnerability exploit that has been used by threat actors. This is the fifth time this year the company has had to issue ...
Searchenginejournal.com

All in One SEO Pack Vulnerability – New Exploit

Researchers discovered a type of issue that is called a cross site scripting vulnerability (XSS). It can generally involve a compromised input interface. So anywhere that a user can input and upload ...
Bleeping Computer

Exploit released for critical VMware RCE vulnerability, patch now

Proof-of-concept exploit code is now available for a pre-authentication remote code execution (RCE) vulnerability allowing attackers to execute arbitrary code remotely with root privileges on ...
Computerworld

Hackers exploit JBoss vulnerability to compromise servers

Attackers are actively exploiting a known vulnerability to compromise JBoss Java EE application servers that expose the HTTP Invoker service to the Internet in an insecure manner. At the beginning of ...
TechRepublic

Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs ...

Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs Your email has been sent Volt Typhoon, a Chinese state-sponsored hacking group, has been caught ...