Vulnerabilities
748 articles on vulnerability disclosures and exploits

Flowise AI CVE-2025-59528 RCE Exploitation: Mitigation Guide
Active exploitation of CVE-2025-59528 (CVSS 10.0) targets Flowise AI's CustomMCP node. Learn how to detect and patch this critical RCE vulnerability today.

Storm-1175: China-Linked Zero-Day Exploits Deploy Medusa Ransomware
China-linked actor Storm-1175 is weaponizing zero-day and N-day vulnerabilities in perimeter assets to execute high-velocity Medusa ransomware attacks.
CVE-2024-29847: Ivanti Endpoint Manager RCE Patch and Detection Guide
Ivanti Endpoint Manager (EPM) critical RCE (CVE-2024-29847) allows unauthenticated attackers to execute code with SYSTEM privileges via deserialization.
GPUBreach Attack: Exploiting GDDR6 via GPU Rowhammer Bit-Flips
Researchers discover GPUBreach, a Rowhammer-style attack on GDDR6 memory that enables privilege escalation and full system takeover on modern GPUs.
Fix for Classic Outlook 0x80040115 Error Restores Email Delivery
Microsoft resolves a persistent bug in Classic Outlook causing 0x80040115 errors and email delivery failures for Outlook.com users. Learn how to fix it.
Windows BlueHammer Zero-Day Exploit: Local Privilege Escalation Analysis
A leaked BlueHammer exploit targets an unpatched Windows vulnerability, allowing local attackers to gain SYSTEM privileges. Analysis and mitigation guide inside.
CVE-2026-35616: Fortinet FortiClient EMS Vulnerability — KEV Alert
CISA adds CVE-2026-35616 affecting Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog. Learn how to mitigate this access control flaw.

UAT-10608 Exploits Next.js CVE-2024-34351 via React2Shell Script
Threat actor UAT-10608 is leveraging an automated script to exploit a Next.js SSRF flaw, exfiltrating credentials and environment secrets from web applications.
FortiClient EMS RCE via CVE-2023-48788 — Patch Guidance
CISA mandates federal agencies patch the critical FortiClient EMS SQL injection flaw, CVE-2023-48788, which allows unauthenticated remote code execution.

Chrome Zero-Day and Fortinet Exploits: Weekly Threat Intelligence
Intelligence analysis of the latest Chrome zero-day, Fortinet vulnerabilities, and the Axios security breach, including technical remediation for SOC teams.
CVE-2024-32113: Apache OFBiz RCE Exploited for Mirai Botnet
Technical analysis of CVE-2024-32113 exploitation in Apache OFBiz. Learn how attackers use path traversal to deploy Mirai botnet malware and how to patch.