The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalogue, warning organisations about active exploitation in th…

The Cybersecurity and Infrastructure Security Agency has released critical guidance on managing UEFI Secure Boot configurations across enterprise systems. The comprehensive advisory addresses growing concerns about boot-level security vulnerabilities t…

Security researchers at Push have identified a sophisticated new phishing attack termed “ConsentFix,” which combines OAuth consent manipulation with ClickFix-style social engineering to compromise Microsoft accounts without requiring passwo…

Security researchers have identified an active zero-day vulnerability in Gogs, a widely used self-hosted Git service. The flaw has already resulted in the compromise of more than 700 servers publicly exposed on the internet. As of early December 2025, …

The development team behind the popular text editor Notepad++ has released version 8.8.9 to address a critical security flaw that could allow traffic hijacking. This vulnerability affects the software’s update mechanism, potentially allowing attackers …

Security researchers have disclosed two new vulnerabilities in React Server Components that expose servers to Denial-of-Service (DoS) attacks and to source code leaks. These flaws were discovered while experts were analyzing the patches for last week&#…

Security researchers have unveiled a critical series of vulnerabilities in the .NET Framework’s HTTP client proxy architecture, dubbed “SOAPwn,” that enables remote code execution across multiple enterprise-grade platforms. Presented …

Jenkins has released a critical security advisory addressing a high-severity denial-of-service vulnerability affecting millions of organizations that rely on the popular automation server. The flaw, tracked as CVE-2025-67635, allows unauthenticated att…