Vulnerabilities
748 articles on vulnerability disclosures and exploits

Apple Warns of Coruna and DarkSword Exploit Kits Targeting iOS
Apple warns of Coruna and DarkSword exploit kits targeting older iOS versions via malicious web content to steal sensitive data. Update your devices now.
CVE-2025-13901: Modicon M241, M251, M262 DoS Vulnerability Patch
An unauthenticated DoS vulnerability (CVE-2025-13901) impacts Schneider Electric Modicon M241, M251, M262 controllers. Patch now to prevent ICS disruption.
Magento PolyShell Vulnerability: Unauthenticated RCE Exposure
A critical flaw dubbed PolyShell affects Magento Open Source and Adobe Commerce 2.x, enabling unauthenticated remote code execution and site takeover.

54 EDR Killers Use BYOVD to Abuse 34 Signed Drivers
Analysis reveals 54 EDR killer programs abusing 34 signed drivers via BYOVD to neutralize security before ransomware deployment.
CVE-2025-13902: Patching Schneider Electric Modicon Controllers
Schneider Electric Modicon M241 and M251 controllers face XSS risks via CVE-2025-13902. Learn how to patch firmware and secure industrial control networks.
CVE-2026-2273: Schneider Electric EcoStruxure Automation Expert RCE
Schneider Electric has addressed a high-severity code injection vulnerability (CVE-2026-2273) in EcoStruxure Automation Expert that risks full system compromise.
APT28 Targets Ukraine via CVE-2024-45519 Zimbra Exploit
Russian APT28 hackers exploit CVE-2024-45519 in Zimbra Collaboration Suite to target Ukrainian government entities via malicious email-based command injection.
DJI Romo Remote Camera Access via MQTT Vulnerability
An MQTT misconfiguration in DJI Romo vacuums allows unauthorized remote control and camera access for 7,000 devices. Learn the risks and mitigation steps.
CVE-2024-38094: SharePoint RCE Exploited in the Wild — Patch Now
CISA adds CVE-2024-38094 to its KEV catalog after active exploitation of a SharePoint RCE vulnerability. Learn how to detect and remediate this threat.

DarkSword iOS Exploit Kit: Full Takeover via 6 Flaws and 3 Zero-Days
Analysis of DarkSword, a sophisticated iOS exploit kit using six vulnerabilities, including three zero-days, for state-sponsored surveillance and data theft.

CISA KEV Update: CVE-2025-66376 Zimbra and SharePoint Exploits
CISA warns of active exploitation for Zimbra CVE-2025-66376, SharePoint flaws, and Cisco zero-days used in ransomware attacks. Secure your systems now.
Ivanti Connect Secure RCE via CVE-2025-0551 — Mitigation Guide
Unauthenticated RCE vulnerabilities CVE-2025-0551 and CVE-2025-0552 impact Ivanti Connect Secure gateways. Learn how to detect and patch these critical flaws.