A sophisticated cyber attack campaign that exploited a Google Chrome zero-day vulnerability in March 2025, with investigators now linking the operation to a persistent threat actor group.
The Positive Technologies Expert Security Center analyzed the attack targeting the previously unknown vulnerability, tracked as CVE-2025-2783,...
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-click vulnerability in Apple's iOS to its Known Exploited Vulnerabilities (KEV) catalog, following evidence that the flaw has been actively exploited by sophisticated spyware campaigns targeting journalists across Europe.
CISA has designated CVE-2025-43200 as...
A critical vulnerability in Langflow to deliver the Flodrix botnet malware. The vulnerability, tracked as CVE-2025-3248 with a CVSS score of 9.8, affects Langflow versions prior to 1.3.0 and allows unauthenticated remote code execution on vulnerable servers.
The vulnerability, tracked as CVE-2025-3248 with a...
A critical remote code execution vulnerability affecting Zyxel Internet Key Exchange (IKE) packet decoders.
GreyNoise Intelligence has observed a concentrated burst of exploitation attempts targeting CVE-2023-28771.
The security firm detected 244 unique IP addresses attempting to exploit the vulnerability over UDP port 500 on...
IBM has disclosed a critical security vulnerability in its Backup, Recovery and Media Services for i platform that could allow attackers to gain elevated privileges and execute malicious code with enhanced system access.
The vulnerability, tracked as CVE-2025-33108, affects versions 7.5 and 7.4 of...
A critical security vulnerability discovered in KIA Ecuador vehicles manufactured between 2022 and 2025 has exposed thousands of cars to potential theft through exploitable keyless entry systems.
Independent hardware security researcher Danilo Erazo identified that these vehicles use outdated learning code technology instead of...