Coverage
Vulnerabilities
754 articles on vulnerability disclosures and exploits
ArmorCode Raises $16M to Scale Exposure Management Platform
ArmorCode secures $16 million in funding to advance its AI-powered exposure management platform, focusing on vulnerability prioritization and ASPM workflows.
Apple iOS CVE-2023-41993: Patching Exploited Spyware Vulnerabilities
CISA warns of three Apple iOS vulnerabilities, including CVE-2023-41993, exploited in mercenary spyware and cryptocurrency theft attacks. Patch immediately.
Iranian APT Exploits Edge Vulnerabilities in US Infrastructure
Iranian state-sponsored actors breached US airports and banks by exploiting edge device vulnerabilities, likely serving as initial access brokers for ransomware.

Hikvision and Rockwell Automation CVEs: CISA KEV Mitigation Guide
CISA adds Hikvision CVE-2017-7921 and Rockwell Automation flaws to the KEV catalog. Learn how to detect and mitigate these critical CVSS 9.8 vulnerabilities.
CVE-2024-28182: Python Cryptography RSA DoS Mitigation Guide
Technical deep dive into CVE-2024-28182, a denial-of-service vulnerability in the Python cryptography library. Learn how to detect and patch RSA-based DoS.

Optimizing Mutational Grammar Fuzzing for Enhanced Vulnerability Discovery
Explore the effectiveness and inherent flaws of mutational grammar fuzzing, a key technique for vulnerability discovery, and a method to improve its efficacy.
CISA KEV Update: Five Actively Exploited CVEs in Apple, Hikvision, Rockwell
CISA adds five actively exploited vulnerabilities, including Apple iOS/iPadOS use-after-free and Hikvision improper authentication, to its KEV Catalog. Patch these
CVE-2026-3094: Delta CNCSoft-G2 Out-of-bounds Write RCE
Delta Electronics CNCSoft-G2 is vulnerable to an out-of-bounds write (CVE-2026-3094) allowing remote code execution. Update to V2.1.0.39.
WordPress User Registration & Membership Plugin: Admin Account Exploit
Critical vulnerability in WordPress User Registration & Membership plugin actively exploited to create unauthorized admin accounts. Immediate update or removal is

CVE-2026-20122: Cisco Catalyst SD-WAN Manager Exploited in the Wild
Cisco confirms active exploitation of CVE-2026-20122 in Catalyst SD-WAN Manager, allowing authenticated attackers to perform arbitrary file overwrites.
2025 Zero-Day Exploitation Review: Enterprise & OS Targets Dominate
GTIG's 2025 zero-day review reveals 90 in-the-wild exploits, with a record 48% targeting enterprise tech and a surge in OS vulnerabilities. Includes actor TTPs.
Google Forecasts 90 Enterprise Zero-Day Exploits in 2025
Google predicts half of the 90 exploited zero-day vulnerabilities in 2025 will target enterprises. Understand attribution and proactive defense strategies.