A critical zero-day vulnerability has been discovered in Wing FTP Server, a popular file transfer software used by over 10,000 customers worldwide, that allows attackers to gain complete control over affected systems without authentication.
The vulnerability, assigned CVE-2025-47812 with a maximum severity score...
A newly disclosed security vulnerability in ModSecurity, one of the most widely deployed web application firewalls, could allow attackers to crash protected web applications through carefully crafted XML requests containing empty tags.
The vulnerability, tracked as GHSA-gw9c-4wfm-vj3x, affects mod_security2 versions 2.9.8 and later when...
A critical vulnerability has been found in the Python-based data exfiltration utility employed by the notorious Cl0p ransomware group, revealing that the malware's own infrastructure can be exploited for remote code execution attacks.
The vulnerability, discovered in tools widely distributed during the group's destructive 2023-2024 MOVEit campaigns,...
A critical security vulnerability has been discovered in the State Bank of India's YONO mobile banking application, potentially exposing millions of users to sophisticated cyber attacks.
The vulnerability, officially designated as CVE-2025-45080, affects version 1.23.36 of the YONO SBI: Banking & Lifestyle app and...
A severe security vulnerability discovered in the popular Forminator WordPress plugin has left over 600,000 websites vulnerable to complete takeover by unauthenticated attackers.
The vulnerability, designated CVE-2025-6463 with a critical CVSS rating of 8.8, allows malicious actors to delete arbitrary files from affected servers,...
A critical vulnerability in Anthropic's Model Context Protocol (MCP) Inspector tool allows remote code execution through malicious websites.
The vulnerability, assigned CVE-2025-49596 with a CVSS score of 9.4, represents one of the first critical security issues in Anthropic's MCP ecosystem and highlights...