Slovak cybersecurity company ESET says a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been ...

CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows ...

With CISA’s warning now public, the window for mitigating the threat is rapidly closing. Organizations that depend on ...

The US Cybersecurity and Infrastructure Security Agency (CISA) has added five new flaws in Ivanti and VeraCore products to ...

CISA adds five exploited vulnerabilities to its KEV catalog, including flaws in Cisco, Microsoft, and Progress software.

CISA adds Microsoft Partner Center and Zimbra ZCS flaws to its KEV catalog, citing active exploitation. Federal agencies must patch by March 18 to mit ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security vulnerabilities affecting Cisco and ...

The latest additions to the CISA Known Exploited Vulnerabilities (KEV) catalog include CVE-2023-20118, a command injection ...

The first is CVE-2025-24993 - a heap-based buffer overflow in NTFS used by Windows Server 2008 and later systems, as well as ...

One exploit being tracked, CVE-2023-20118, allows hackers to remotely "execute arbitrary commands" on certain VPN routers.

Device code phishing has emerged as a particularly sophisticated attack vector, with threat actors using tools like TokenTactics to intercept Microsoft 365 tokens and gain unauthorized access to ...