Singapore’s CSA warns of a CVSS 10.0 SmarterMail vulnerability allowing unauthenticated remote code execution via file upload ...

Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to ...

Critical n8n flaw CVE-2025-68613 (CVSS 9.9) lets authenticated users run arbitrary code; versions 0.211.0–1.120.4 affected, ...

An unauthenticated user can execute the attack, and there’s no mitigation, just a hotfix that should be applied immediately.

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...

Over 115,000 WatchGuard Firebox devices exposed online remain unpatched against a critical remote code execution (RCE) ...

ESET researchers provide a comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of ...

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...

Predator has remained available through the Intellexa spyware consortium despite US sanctions imposed in 2024 on ...

December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.

Every day has the potential to be a bad day for a CSO. However, the second Tuesday of each month – Patch Tuesday – is almost ...

HPE has released patches for a critical-severity OneView vulnerability that could lead to unauthenticated remote code execution.