Pierluigi Paganini
December 11, 2025
Hackers exploited an unpatched Gogs zero-day, allowing remote code execution and compromising around 700 Internet-facing servers. Gogs is a self-hosted Git service, similar to GitHub, GitLab, or Bitbucket, but designed to be lightweight and easy to deploy. It allows individuals or organizations to host their own Git repositories on their servers, offering features like version […]
Pierluigi Paganini
December 11, 2025
Google addressed three vulnerabilities in the Chrome browser, including a high-severity bug already exploited in the wild. Google released security updates to fix three vulnerabilities in the Chrome browser, including a high-severity flaw that threat actors are already exploiting in real-world attacks. “Google is aware that an exploit for 466192044 exists in the wild,” reads […]
Pierluigi Paganini
December 10, 2025
Microsoft Patch Tuesday security updates for December 2025 address 57 vulnerabilities, including three critical flaws. Microsoft Patch Tuesday security updates for December 2025 addressed 57 vulnerabilities in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Exchange Server, Azure, Copilot, PowerShell, and Windows Defender. Three vulnerabilities are rated Critical, while the rest are […]
Pierluigi Paganini
December 08, 2025
Clop ransomware stole data from Barts Health NHS after exploiting a zero-day in its Oracle E-Business Suite. Barts Health NHS confirmed that Clop ransomware group stole data by exploiting zero-day CVE-2025-61882 in its Oracle E-Business Suite. The cybercrime group added the organization to its dark web data leak site and leaked the stolen information. The […]
Pierluigi Paganini
November 14, 2025
A Fortinet FortiWeb auth-bypass flaw is being actively exploited, allowing attackers to hijack admin accounts and fully compromise devices. Researchers warn of an authentication bypass flaw in Fortinet FortiWeb WAF that allows full device takeover. The cybersecurity vendor addressed the vulnerability with the release version 8.0.2. A security flaw lets anyone break into FortiWeb devices […]
Pierluigi Paganini
November 07, 2025
A now-patched Samsung Galaxy flaw, tracked as CVE-2025-21042, was exploited as a zero-day to deploy LANDFALL spyware in targeted attacks in Middle East. Samsung patched a flaw exploited as a zero-day, tracked as CVE-2025-21042 (CVSS score of 8.8), to deploy LANDFALL spyware on Galaxy devices in Middle East attacks. “Unit 42 researchers have uncovered a […]
Pierluigi Paganini
October 11, 2025
Threat actors are exploiting a zero-day, tracked as CVE-2025-11371 in Gladinet CentreStack and Triofox products. Threat actors are exploiting the local File Inclusion (LFI) flaw CVE-2025-11371, a zero-day in Gladinet CentreStack and Triofox. A local user can exploit the issue to access system files without authentication. Gladinet CentreStack and Triofox are enterprise file-sharing and cloud […]
Pierluigi Paganini
September 30, 2025
Broadcom patched six VMware flaws, including CVE-2025-41244, which has been exploited in the wild as a zero-day since mid-October 2024 by UNC5174 Broadcom addressed six VMware vulnerabilities, including four high-severity issues. One of these flaws, tracked as CVE-2025-41244 (CVSS score 7.8), allows local users to escalate to root via VMware Tools and Aria Operations. “VMware […]
Pierluigi Paganini
September 18, 2025
Google addressed four vulnerabilities affecting its Chrome web browser, including one that has been exploited in the wild. Google released security updates to address four vulnerabilities in the Chrome web browser, including CVE-2025-10585, which has reportedly been exploited in the wild. “Google is aware that an exploit for CVE-2025-10585 exists in the wild.” reads the […]
Pierluigi Paganini
August 29, 2025
Sangoma warns of an actively exploited FreePBX zero-day affecting systems with publicly exposed admin control panels. The Sangoma FreePBX Security Team addressed an actively exploited FreePBX zero-day vulnerability, tracked as CVE-2025-57819 (CVSS score of 10.0), impacting systems with an internet-facing administrator control panel (ACP). FreePBX is an open-source telephony software platform that provides a web-based graphical […]
