A Metasploit exploit module targeting critical zero-day vulnerabilities in Microsoft SharePoint Server that are currently being exploited in the wild.
The module, developed by Principal Security Researcher Stephen Fewer, exploits a chained attack leveraging CVE-2025-53770 and CVE-2025-53771 to achieve unauthenticated remote code execution on...
A sophisticated supply chain attack targeting developers emerged on Friday, July 18, 2025, when cybercriminals compromised several popular npm packages, including the widely used eslint-config-prettier package.
The attack, dubbed "Scavenger" by security researchers due to multiple references to "SCVNGR" strings in the malware variants,...
TP-Link has disclosed critical security vulnerabilities in two of its VIGI network video recorder (NVR) models that could allow attackers to execute arbitrary commands on affected devices.
The vulnerabilities, designated as CVE-2025-7723 and CVE-2025-7724, affect the VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 systems,...
German industrial automation company Weidmueller Interface GmbH & Co. KG has disclosed multiple critical vulnerabilities affecting its IE-SR-2TX series of security routers that could allow attackers to execute arbitrary commands with root privileges on targeted devices.
The vulnerabilities, tracked under five separate CVE identifiers...
Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have identified a sophisticated campaign targeting poorly secured Linux servers through SSH brute force attacks, deploying a Python-based DDoS botnet called SVF Bot that leverages Discord as its command-and-control infrastructure.
Discord-Powered Botnet Architecture
The SVF Botnet represents a...
Amazon Web Services has addressed a critical security vulnerability in its Client VPN software for Windows that could allow attackers to escalate privileges during the installation process.
The vulnerability, designated CVE-2025-8069, affects multiple versions of the popular remote access solution and has prompted AWS...