CISA orders federal agencies to execute rapid patching for Drupal Core SQL injection zero-day
A critical unauthenticated input validation vulnerability within a core database layer of a primary content management system has triggered an […]
Weaver E-cology office collaboration hubs targeted via remote command execution exploits
Active compromise campaigns are leveraging an unauthenticated logic flaw present inside a dominant enterprise collaboration system. Threat actors are routing
Weaver E-cology office collaboration hubs targeted via remote command execution exploits Read More »
Ubiquiti rolls out critical fixes for maximum-severity vulnerabilities in UniFi OS platform
Multiple critical configuration and input validation vulnerabilities have been addressed within a widely deployed unified network and physical security operating
Threat groups optimize RedSun and UnDefend zero-day exploit packages targeting Microsoft Defender
Advanced compromise networks have achieved functional real-world weaponization of two recently identified structural vulnerabilities targeting core platform protective drivers. Attackers
Mass automated exploitation targets Drupal Core SQL Injection flaw following CISA KEV listing
Automated scanning networks have increased significantly, targeting a highly critical content management platform security flaw recently listed by federal regulators
Laravel Lang software translation packages poisoned in automated GitHub supply chain campaign
A sophisticated application layer supply chain compromise has infected software development environments by poisoning an open-source localization asset ecosystem. The
Critical LiteSpeed cPanel Plugin vulnerability CVE-2026-48172 exploited to gain server root
A maximum severity incorrect privilege assignment vulnerability within a prominent web server plugin environment has come under active exploitation in
Threat networks launch high-volume exploitation targeting Microsoft Defender engine flaws
Automated compromise campaigns have expanded significantly, targeting a newly identified logic flaw inside endpoint protective services to bypass local tracking
CISA adds Langflow AI orchestration vulnerability CVE-2025-34291 to KEV catalog
A critical origin validation failure vulnerability inside an artificial intelligence application development platform has been officially added to the federal
CISA adds Langflow AI orchestration vulnerability CVE-2025-34291 to KEV catalog Read More »
GitHub confirms exfiltration of 3,800 internal code repositories via trojanized IDE extension
A prominent code hosting and developer services platform has confirmed an unauthorized extraction targeting its internal engineering asset repositories. The
