Friday, April 24, 2026
Cyber News

Critical Citrix Vulnerability Exploited: 28,000+ Instances at Risk of Remote Code Execution

A critical zero-day remote code execution vulnerability in Citrix NetScaler ADC and Gateway systems is putting thousands of organizations at immediate risk. CVE-2025-7775 affects over 28,000 instances globally and is being actively exploited by threat actors, prompting emergency patch deployment advisories from cybersecurity agencies...

Persistent XSS Vulnerability in IPFire Web Interface via Authenticated Administrator

In a critical security advisory, researchers have disclosed a stored cross-site scripting (XSS) vulnerability in IPFire 2.29’s web-based firewall interface (firewall.cgi). Tracked as CVE-2025-50975, the vulnerability enables any authenticated administrator to inject arbitrary JavaScript that remains persistently stored in firewall rule parameters. When other...

New Cache Deception Exploit Circumvents Cache-Server Mismatch

A newly documented cache deception attack exploits subtle discrepancies between caching layers and origin servers to expose sensitive endpoints and deliver malicious payloads. By leveraging path normalization divergences and unconventional delimiters, attackers can trick content delivery networks (CDNs) into caching unauthorized responses while the...

DOGE Under Fire for Allegedly Storing National Social Security Data in Unsecured Cloud

A whistleblower disclosure filed by the Social Security Administration's Chief Data Officer has raised critical concerns about the Department of Government Efficiency (DOGE) allegedly creating an unauthorized live copy of over 300 million Americans' Social Security information in an unsecured cloud environment, potentially exposing...

Critical 0-Day RCE Vulnerability in Citrix NetScaler ADC & Gateway Under Active Exploitation

A critical security bulletin warns that attackers are actively exploiting a zero-day remote code execution vulnerability in NetScaler ADC and Gateway products. The vulnerability, tracked as CVE-2025-7775, carries a critical CVSS v4.0 base score of 9.2 and enables attackers to execute arbitrary code remotely...

PhpSpreadsheet Library Vulnerability Allows Injection of Malicious HTML

A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the popular PHP library PhpSpreadsheet, allowing attackers to inject arbitrary HTML content that triggers HTTP requests from the server. Tracked as CVE-2025-54370 and published under GitHub Security Advisory GHSA-rx7m-68vc-ppxh, the vulnerability affects a...