More results...
Threat actors are exploiting a critical remote code execution vulnerability in React Native’s Metro development server to deploy sophisticated malware payloads targeting software developers worldwide. The vulnerability, tracked as CVE-2025-11953 …
A new campaign by the Russian-linked group APT28, called Op Neusploit, exploits a Microsoft Office flaw to steal emails for remote control of devices in Ukraine, Slovakia, and Romania.
Russian state-sponsored hackers Fancy Bear (aka APT 28) are exploiting CVE-2026-21509, a Microsoft Office vulnerability for which Microsoft released an emergency fix last week. The exploitation CVE-2026-21509 allows unauthorized attackers to bypass a s…
Albeit mainly considered a theoretical risk, the flaw has been exploited to disable protections and deliver malware.
The post Critical React Native Vulnerability Exploited in the Wild appeared first on SecurityWeek.
OpenClaw (aka Moltbot and Clawdbot) is vulnerable to one-click remote code execution attacks.
The post Vulnerability Allows Hackers to Hijack OpenClaw AI Assistant appeared first on SecurityWeek.
ASUS has discontinued the File Shredder feature in its Business Manager software following the discovery of a critical security vulnerability, CVE-2025-13348. The company issued a security bulletin on February 2, 2026, addressing a flaw affecting ASUS …
Hikvision has disclosed a high-severity command execution vulnerability affecting multiple wireless access point models, potentially allowing authenticated attackers to execute arbitrary commands on affected devices. The company released an advisory on…
The Cybersecurity and Infrastructure Security Agency (CISA) has disclosed a critical vulnerability affecting multiple versions of KiloView Encoder Series devices, warning that unauthenticated attackers could gain full administrative access. Issued unde…
Apache Syncope, a popular open-source identity and access management platform, has disclosed a critical XML External Entity (XXE) vulnerability in its Console component. The vulnerability, tracked as CVE-2026-23795, allows authenticated administrators …
A complex espionage campaign attributed to Chinese APT group Lotus Blossom, active since 2009. The investigation uncovered a sophisticated compromise of Notepad++ distribution infrastructure that delivered Chrysalis, a previously undocumented custom ba…