Vulnerability

The LANDFALL spyware campaign exploited a zero-day vulnerability (CVE-2025-21042) in Samsung’s Android image processing library, targeting Galaxy devices (S22,…

The CVE-2025-41244 vulnerability in VMware Aria Operations and VMware Tools (with SDMP enabled) was exploited by the Chinese state-sponsored group…

GitHub’s Copilot Chat, an AI-powered coding assistant, was found vulnerable to a critical flaw named CamoLeak (CVSS 9.6)…

WatchGuard disclosed CVE-2025-9242, a critical remote code execution (RCE) vulnerability in its Firebox firewalls due to an out-of-bounds write flaw…

Suspected state-sponsored attackers exploited a zero-day command injection vulnerability (CVE-2025-59689) in Libraesva Email Security Gateway (ESG), versions 4.5 to…

A federal agency suffered a cyber intrusion in July 2024 due to unpatched vulnerabilities (CVE-2024-36401) in its public-facing GeoServer, exploited…

Researchers uncovered critical API authentication vulnerabilities in Pudu Robotics’ entire fleet of service robots (BellaBot, KettyBot, PuduBot, etc.), deployed globally…

Threat actors have identified a critical exposure in SMA’s deprecated Sunny WebBox devices, which remain widely internet-exposed despite being…

Hewlett Packard Enterprise (HPE) disclosed eight critical vulnerabilities in its StoreOnce data backup and deduplication platform, with the most severe…

AutomationDirect’s MB-Gateway devices, widely deployed in critical infrastructure, are affected by a maximum-severity missing authentication vulnerability (CVE-2025-36535), enabling remote…

The Node.js project disclosed CVE-2025-23166, a high-severity vulnerability in its core cryptographic operations that enables remote attackers to crash…

Security researchers identified three critical vulnerabilities in Google’s Gemini AI assistant, dubbed the 'Trifecta,' which could have…