Coverage
Vulnerabilities
748 articles on vulnerability disclosures and exploits

DarkSword iPhone Exploit Kit: Zero-Day Attacks on iOS Users
DarkSword, an advanced iPhone exploit kit, leverages multiple zero-day vulnerabilities to target users in Saudi Arabia, Turkey, Malaysia, and Ukraine for espionage and
CVE-2025-66376: ZCS Cross-Site Scripting Actively Exploited
CISA adds CVE-2025-66376, a Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting vulnerability, to its KEV Catalog due to active exploitation. Immediate
CVE-2026-20963: Microsoft SharePoint Deserialization Exploit — Patch Now
CISA adds CVE-2026-20963, a Microsoft SharePoint deserialization vulnerability, to its KEV catalog due to active exploitation. Immediate patching is critical for all
XBOW: AI-Powered Offensive Security Reshapes Vulnerability Discovery
XBOW, an autonomous offensive security firm, secured $120M, reaching a $1B+ valuation. Explore its AI-powered platform for vulnerability discovery and validation.
Machine-Speed Attacks: The Failure of Predictive Security Models
Analysis of why predictive security models fail against machine-speed attacks and the technical shift toward preemptive security strategies for defenders.
ConnectWise ScreenConnect Flaw Allows Unauthorized Access
ConnectWise ScreenConnect users must patch a critical cryptographic signature verification flaw enabling unauthorized access and privilege escalation. Learn how to
CVE-2024-4510: Zimbra Collaboration Suite XSS Exploitation Guide
CISA adds CVE-2024-4510 to the KEV catalog following active exploitation of a Zimbra Collaboration Suite XSS vulnerability. Patch ZCS version 9.0.0 today.
DarkSword iOS Exploit Chain: Analyzing Multi-Actor Zero-Day Campaigns
Analysis of the DarkSword iOS exploit chain, used by multiple actors to deploy GHOSTBLADE and GHOSTKNIFE malware via zero-day vulnerabilities in iOS 18.7.

SideWinder APT Expands Southeast Asia Espionage Campaign
SideWinder APT targets government and telecom sectors in Southeast Asia using spear-phishing and rotating infrastructure for persistent espionage operations.
DarkSword iOS Exploit Kit: Analysis of State-Sponsored Spyware Chains
Analysis of the DarkSword exploit kit targeting six iOS vulnerabilities for state-sponsored surveillance and full device compromise via WebKit exploits.

CVE-2026-20131: Interlock Ransomware Exploits Cisco FMC — Patch Now
Interlock ransomware actors are exploiting CVE-2026-20131, a critical 10.0 CVSS zero-day in Cisco FMC, to gain unauthenticated root access and deploy malware.
Ivanti vTM Authentication Bypass: CVE-2024-7593 Mitigation Guide
Ivanti patches a critical authentication bypass in Virtual Traffic Manager. Learn how CVE-2024-7593 allows unauthenticated administrative access.