The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical zero-day vulnerability in Microsoft SharePoint Server that is being actively exploited by attackers in the wild.
The vulnerability, tracked as CVE-2025-53770, allows unauthorized remote code execution through deserialization of...
A critical vulnerability in the popular 7-Zip file archiver has been discovered and patched, allowing malicious actors to craft weaponized RAR5 files that can crash systems and potentially corrupt memory.
The security vulnerability, designated CVE-2025-53816, affects 7-Zip versions prior to 25.00 and demonstrates how...
A sophisticated new attack technique that exploits FIDO key authentication systems by tricking users into scanning malicious QR codes with their multi-factor authentication (MFA) apps.
The attack, attributed to the PoisonSeed threat group known for cryptocurrency theft campaigns, represents a significant evolution in phishing...
A critical zero-day vulnerability in Microsoft SharePoint servers, designated CVE-2025-53770, that allows attackers to achieve remote code execution without authentication.
The security firm discovered the threat during routine monitoring on July 18, 2025, when their CrowdStrike Falcon EDR deployment flagged suspicious activity on a...
A critical zero-day vulnerability in CrushFTP servers has been actively exploited by attackers since July 18th, 2025, with security researchers confirming widespread attacks targeting unpatched installations.
The vulnerability, designated CVE-2025-54309, affects all CrushFTP version 10 installations below 10.8.5 and version 11 installations below 11.3.4_23,...
Sophos has disclosed three high-severity security vulnerabilities in its Intercept X for Windows endpoint protection software that could allow local attackers to gain system-level privileges and execute arbitrary code.
The cybersecurity company released patches for all three vulnerabilities on July 17, 2025, following responsible...