Bleeping Computer

VMware ESXi zero-days likely exploited a year before disclosure

Chinese-speaking threat actors used a compromised SonicWall VPN appliance to deliver a VMware ESXi exploit toolkit that seems to have been developed more than a year before the targeted ...
Bleeping Computer

Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed

A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited in the wild, with over 80,000 potentially vulnerable servers exposed on the ...
Infosecurity-magazine.com

Five Key Flaws Exploited in 2025's Major Software Supply Chain Incidents

The scale of Common Vulnerabilities and Exposures (CVE) reporting has grown exponentially during 2025, making it another record year in the domain. According to Jerry Gamblin, principal engineer at ...
Fox News

Apple patches two zero-day flaws used in targeted attacks

Apple has released emergency security updates to fix two zero-day vulnerabilities that attackers actively exploited in highly targeted attacks. The company described the activity as an "extremely ...
Krebs on Security

The Kimwolf Botnet is Stalking Your Local Network

The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a ...
Infosecurity-magazine.com

Infosecurity's Top 10 Cybersecurity Stories of 2025

Cybersecurity dominated headlines throughout 2025, with a year marked by high-profile breaches, evolving attack techniques and major shifts in industry practices. From critical zero-day ...