Zero-Day

A sophisticated attack campaign exploiting a Google Chrome zero-day vulnerability tracked as CVE-2025-2783, marking yet another instance of advanced persistent threat (APT) groups leveraging...

A critical zero-day vulnerability affecting Windows systems that allows attackers to achieve privilege escalation through a novel Reflective Kerberos Relay Attack.  The vulnerability, designated CVE-2025-33073,...

A critical zero-day vulnerability discovered in Salesforce's default controller has exposed millions of user records across thousands of deployments worldwide.  The security flaw, found in...

Significant vulnerabilities were uncovered in Versa Concerto, a widely deployed SD-WAN orchestration platform used by major enterprises and government entities.  The flaws include authentication bypass...

A high-severity cross-site scripting (XSS) vulnerability in Grafana could allow attackers to redirect users to malicious websites.  The vulnerability, tracked as CVE-2025-4123 received a CVSS...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially added two critical zero-day vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited...

Mozilla has released an emergency security update to address two critical vulnerabilities in Firefox that could allow attackers to execute malicious code on users'...

SAP's May 2025 Security Patch Day includes an urgent update to the previously released emergency patch for a critical zero-day vulnerability (CVE-2025-31324) that continues...

CISA has added a critical SAP NetWeaver vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on April 29, 2025.  The zero-day flaw, tracked as CVE-2025-31324,...

RedGolf, a sophisticated threat actor with ties to APT41, provided a rare insight into its operational toolbox after a directory on their attack infrastructure...