Security News

A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS)...

Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product Australia's intelligence agency is warning organizations about several new Ivanti zero-days chained...

Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild. Of...

Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE-2025-32756,...

SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day. [...]

On May 2025 Patch Tuesday, Microsoft has released security fixes for 70+ vulnerabilities, among them five actively exploited zero-days and two publicly disclosed (but not exploited)...

Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice phone / conferencing systems, the company’s product security incident...

Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained in attacks to gain remote code execution. [...]

Today is Microsoft's May 2025 Patch Tuesday, which includes security updates for 72 flaws, including five actively exploited and two publicly disclosed zero-day vulnerabilities. [...]

Fortinet released security updates to patch a critical remote code execution vulnerability exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. [...]