"MongoBleed": Exploit for critical vulnerability in MongoDB makes attacks easier

Those responsible for a MongoDB instance cannot rest easy: an exploit for a critical vulnerability makes upgrades even more ...

Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed

A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited ...
Ars Technica

Attackers exploit critical Zimbra vulnerability using cc’d email addresses

Attackers are actively exploiting a critical vulnerability in mail servers sold by Zimbra in an attempt to remotely execute malicious commands that install a backdoor, researchers warn. The ...

8 Google Zero-Day Warnings — Should You Stop Using Chrome?

Google has now confirmed no fewer than eight zero-day vulnerabilities affecting the Chrome browser this year. Is it time to ...

WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for ...
TechRepublic

Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs ...

Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs Your email has been sent Volt Typhoon, a Chinese state-sponsored hacking group, has been caught ...
TechRepublic

Threat Actors Are Exploiting Vulnerabilities Faster Than Ever

New research by cybersecurity firm Mandiant provides eyebrow-raising statistics on the exploitation of vulnerabilities by attackers, based on an analysis of 138 different exploited vulnerabilities ...
WeLiveSecurity

RomCom exploits Firefox and Windows zero days in the wild

ESET researchers discovered a previously unknown vulnerability in Mozilla products, exploited in the wild by Russia-aligned group RomCom. This is at least the second time that RomCom has been caught ...
CRN

Cisco Discloses High-Severity Vulnerability, Exploit Code Released

The tech giant has provided a patch for the root escalation vulnerability, which affects a number of devices that run the Cisco Integrated Management Controller. Cisco disclosed a new high-severity ...
CRN

ConnectWise ScreenConnect Vulnerability Seeing Exploits: CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is seeing active exploits related to the ConnectWise ScreenConnect vulnerability that was reported earlier last week. Vulnerabilities ...
Infosecurity-magazine.com

Malicious Actors Exploit ProjectSend Critical Vulnerability

Public-facing instances of ProjectSend, an open-source file-sharing web application, have been exploited by attackers, according to vulnerability intelligence provider VulnCheck. ProjectSend was ...
Ars Technica

As if 2 Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3

Mass exploitation began over the weekend for yet another critical vulnerability in widely used VPN software sold by Ivanti, as hackers already targeting two previous vulnerabilities diversified, ...