In a critical security advisory, researchers have disclosed a stored cross-site scripting (XSS) vulnerability in IPFire 2.29’s web-based firewall interface (firewall.cgi).
Tracked as CVE-2025-50975, the vulnerability enables any authenticated administrator to inject arbitrary JavaScript that remains persistently stored in firewall rule parameters.
When other...
A critical security bulletin warns that attackers are actively exploiting a zero-day remote code execution vulnerability in NetScaler ADC and Gateway products.
The vulnerability, tracked as CVE-2025-7775, has achieved a critical CVSS v4.0 base score of 9.2 and enables attackers to execute arbitrary code remotely...
In a coordinated statement issued today, the Maryland Transit Administration (MTA) and the Maryland Department of Information Technology (DoIT) confirmed that they are investigating a cybersecurity breach that has resulted in unauthorized access to critical systems.
As dedicated teams work to contain the threat,...
On August 21, 2025, the French retail giant Auchan disclosed a significant cybersecurity breach affecting “several hundred thousand” customer loyalty accounts.
In a statement issued Thursday evening, the company confirmed the theft of personal data but emphasized that no banking or payment information was...
A massive coordinated campaign is targeting Microsoft Remote Desktop Protocol (RDP) services, with nearly 2,000 malicious IP addresses conducting simultaneous reconnaissance attacks against authentication portals.
The unprecedented surge represents a 400-fold increase from normal baseline activity and signals potential preparations for large-scale credential-based attacks on...
The Cybersecurity and Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on August 25, 2025, highlighting active exploitation of critical vulnerabilities affecting Citrix Session Recording and Git systems.
The additions include CVE-2024-8069 and CVE-2024-8068 in Citrix...