HPE urges immediate patch after OneView RCE flaw rated CVSS 10.0
TL;DR Hewlett Packard Enterprise warned customers to urgently patch OneView after disclosing a maximum-severity remote code execution vulnerability (CVE-2025-37164) affecting…
WatchGuard warns of actively exploited critical Firebox RCE; patch now
TL;DR WatchGuard has confirmed active exploitation of a critical remote code execution flaw in Firebox firewalls (CVE-2025-32978) and urged customers…
Pen testers say Eurostar accused them of ‘blackmail’ after chatbot flaws
TL;DR Security researchers at Pen Test Partners reported four vulnerabilities in Eurostar's public AI chatbot that could enable prompt injection,…
ViewState Deserialization Zero-Day in Sitecore Products — CVE-2025-53690
TL;DR Mandiant discovered an active ViewState deserialization attack against Sitecore instances that relied on a sample ASP.NET machine key published…
Oracle E-Business Suite Zero-Day Used in Large-Scale Extortion Campaign
TL;DR Google Threat Intelligence Group and Mandiant tracked a mass extortion campaign beginning Sept. 29, 2025, in which an actor…
Triofox Vulnerability CVE-2025-12480: Unauthenticated Host-Header Bypass Enables RCE
TL;DR Mandiant reported exploitation of an unauthenticated access flaw in Gladinet’s Triofox (CVE-2025-12480) that allowed attackers to bypass authentication, create…
Sanctioned Intellexa Continues to Deploy Multiple Mobile Zero-Day Exploits
TL;DR Google's Threat Intelligence Group reports that Intellexa, despite US sanctions, remains an active commercial spyware vendor exploiting numerous mobile…
Multiple Threat Actors Exploiting React2Shell (CVE-2025-55182)
TL;DR A critical unauthenticated RCE in React Server Components, CVE-2025-55182 (React2Shell), was disclosed Dec. 3, 2025 and quickly saw widespread…
Microsoft fixes 60+ Windows vulnerabilities in November Patch Tuesday, including zero-day
TL;DR Microsoft released fixes for more than 60 vulnerabilities across Windows and related products in the November Patch Tuesday cycle,…
Microsoft Patch Tuesday December 2025: 56 Fixes Including One Zero‑Day
TL;DR Microsoft released December Patch Tuesday updates addressing 56 security flaws, including a zero‑day privilege escalation and two publicly disclosed…