VULNERABILITY

ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories

There is never a quiet moment on the internet. There are new security issues, scams, and hacks every week.

The stories this

The State of Trusted Open Source

The reliable source for open source, Chainguard, has a unique perspective on how contemporary businesses actually use open source software and where they encounter operational difficulties

CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

Two security vulnerabilities affecting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView have been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybers

Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control

Another n8n security vulnerability has been revealed by Cyera Research Labs. An unauthorized remote attacker can take total control of vulnerable instances thanks to this vulnerability. A

n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions

A maximum-severity security vulnerability that, if successfully exploited, could lead to authenticated remote code execution (RCE) has been reported by n8n. The vulnerability is rated 10.0

Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication

To fix several vulnerabilities in its Backup & Replication software, Veeam has released security updates. This article addresses a "critical" problem that might lead to remote code executi

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

Legacy D-Link DSL gateway routers have a recently identified critical security flaw that is being actively exploited in the wild. Command injection in the "dnscfg.cgi" endpoint is the subj

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

A remote attacker may be able to write any file on the server due to a vulnerability in the AdonisJS package. The function "MultipartFile.move(location, options)" that permits a file to be

CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalo

Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw

Google has updated the Chrome browser to fix three security issues. One of the defects, which has a high severity rating, has been actively exploited in the wild. The fixes are also recommended f

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC). The vulnerability in question is CVE-2025-55182 (CVSS s

Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs

CrowdStrike says DeepSeek-R1 produces more security vulnerabilities in response to prompts that contain topics deemed politically sensitive by China. The Chinese AI company previously attract

ChatGPT Atlas Browser Can Be Tricked by Fake URLs into Executing Hidden Commands

OpenAI's ChatGPT Atlas web browser is susceptible to a prompt injection attack. The attack disguises malicious instructions to look like a URL, which Atlas then treats as high-trust 'user intent' text. Pr

Bridging the Remediation Gap: Introducing Pentera Resolve

In addition to identifying risk, the objective is to take continuous, large-scale action on it. Security operations teams, which are already overburdened, are frequently tasked with consolida

Beware the Hidden Costs of Pen Testing

Pen testing aids businesses in ensuring the security of their IT systems, but it should never be applied universally. Conventional methods can be inflexible, cost your company money and time,

Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

Security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser were made available by Apple on Friday. Two security vulnerabilities that have reportedly been exp

Amazon Uncovers Attacks Exploiting Cisco ISE and Citrix NetScaler as Zero-Day Flaws

Two then-zero-day security holes in Cisco and Citrix products were exploited by an advanced threat actor. Amazon's MadPot honeypot network detected the attacks. The activity resulted in the d

Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack

Threat actors are taking advantage of security holes in XWiki and Dassault Systèmes DELMIA Apriso. Alerts have been released by VulnCheck and the U.S. Cybersecurity and Infrastructure Securit

Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution

A new, actively exploited vulnerability affects Gladinet's CentreStack and Triofox products. The use of hard-coded cryptographic keys could allow threat actors to decrypt or forge access tickets. A

5 Threats That Reshaped Web Security This Year [2025]

Defensive strategies had to be fundamentally rethought due to supply chain compromises, AI-powered attacks, and evolving injection techniques. A coordinated JavaScript injection campaign that
