Sunday, April 26, 2026

Tag: Vulnerability

WordPress Theme RCE Vulnerability Actively Exploited to Take Full Site Control

A critical security vulnerability in the popular "Alone" WordPress theme has been actively exploited by cybercriminals to gain complete control of vulnerable websites. The vulnerability, which affects a theme with over 9,000 sales, allows unauthenticated attackers to upload malicious files and execute remote...

BeyondTrust Privilege Management for Windows Vulnerability Allows Attackers to Escalate Privileges

A critical security vulnerability has been discovered in BeyondTrust's Privilege Management for Windows software that enables local authenticated attackers to escalate their privileges to administrator level. The vulnerability, assigned CVE-2025-2297 and carrying a CVSSv4 score of 7.2, affects all versions prior to 25.4.270.0 and...

SonicWall SSL VPN Vulnerability Allows Attackers to Launch DoS Attacks on Firewalls

SonicWall has disclosed a significant security vulnerability affecting its Gen7 firewall products that could allow remote attackers to disrupt network services without authentication. The vulnerability, tracked as CVE-2025-40600 and assigned advisory ID SNWLID-2025-0013, was first published on July 29, 2025, with updates released the...

Critical AI Vibe Coding Platform Vulnerability Exposes Unauthorized Access to User Private Apps

A critical security vulnerability in Base44, a popular AI-powered "vibe coding" platform recently acquired by Wix, allowed unauthorized access to private applications built by users. The vulnerability, which has since been patched, could have exposed sensitive enterprise data including internal chatbots, HR operations,...

Hackers Exploiting SAP NetWeaver Vulnerability to Deploy Auto-Color Linux Malware

In a sophisticated attack targeting a U.S. chemicals company, threat actors exploited a critical SAP NetWeaver vulnerability to deploy the elusive Auto-Color backdoor malware. The April 2025 incident represents the first documented case linking CVE-2025-31324 exploitation with Auto-Color deployment, highlighting the evolving threat landscape...

Critical Chrome Vulnerability Allows Attackers to Control Memory and Run Arbitrary Code

Google has released a critical security update for Chrome, addressing multiple high-severity vulnerabilities that could allow attackers to manipulate system memory and potentially execute arbitrary code. The update, version 138.0.7204.183/.184 for Windows and Mac, and 138.0.7204.183 for Linux, includes four security fixes and is...