Cybercrime and APT Groups Exploiting WinRAR Bug
Exploitation of CVE-2025-8088 in the wild began before disclosure, with attacks confirmed as early as July 18, 2025.
All topics
Vulnerability
12 Posts
Microsoft Releases Emergency Patch for CVE-2026-21509
The vulnerability (CVE-2026-21509) requires user interaction for an attack to succeed, with the most likely vector being an attacker sending a malicious Office file to a victim, who then opens it.
Cisco Fixes Unified Communications RCE Flaw Under Attack
Threat actors are attempting to exploit the Cisco remote code execution flaw (CVE-2026-20045) in the wild, according to a new security advisory.
Fortinet FortiGate Devices Targeted in New Campaign
This activity shares some similarities with a campaign that researchers at Arctic Wolf identified in December. That campaign started soon after Fortinet disclosed two authentication bypass flaws (CVE-2025-59718 and CVE-2025-59719).
High-Risk Authentication Bypass Flaw Found in Telnetd
The flaw is in the way that the telnetd server handles some specific user-supplied data. An attacker who exploits this vulnerability would be able to bypass the authentication path and gain root privileges.
‘We Fail a Lot’: How Two Security Pioneers Keep Innovating
From their roles as the driving forces behind pioneering web appsec firm WhiteHat Security to building out enterprise security programs to breaking large portions of the web, Jeremiah Grossman and Robert Hansen have unique viewpoints on what works and what doesn't.