The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two high-severity Android Framework vulnerabilities to its Known Exploited Vulnerabilities catalog on December 2, 2025, signaling active exploitation in the wild.
CVE-2025-48572 enables local elevation of privilege, while CVE-2025-48633 allows information disclosure, both affecting core...

The Cl0p ransomware group claimed responsibility for breaching Broadcom, a major semiconductor firm, by exploiting a zero-day flaw in Oracle E-Business Suite.
This incident fits into Cl0p's broad campaign targeting enterprise systems since August 2025. Broadcom confirmed targeting but stated it patched the vulnerability...

The notorious Clop ransomware gang has posted Oracle on its dark web leak site, claiming a significant breach of the tech giant's internal systems.
This attack exploits a critical zero-day vulnerability in Oracle E-Business Suite (EBS), tracked as CVE-2025-61882.
Known as Graceful Spider, the...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-13223, a high-severity type confusion vulnerability in Google Chromium's V8 JavaScript engine, to its Known Exploited Vulnerabilities (KEV) catalog.
This zero-day flaw allows remote attackers to trigger heap corruption via specially crafted HTML pages,...

Fortinet's popular web application firewall, FortiWeb, faces a serious threat from a newly discovered zero-day vulnerability that enables remote code execution (RCE).
This flaw, classified as an OS Command Injection issue under CWE-78, allows authenticated attackers to run unauthorized commands on the device's underlying...

The Washington Post has disclosed a significant data breach that compromised sensitive information for 9,720 current and former employees and contractors.
This incident, linked to a zero-day vulnerability in Oracle's E-Business Suite software, occurred between July 10 and August 22, 2025, but was only...