More results...
Google Threat Intelligence Group (GTIG) reported 90 zero-day vulnerabilities actively exploited in the wild during 2025. While this total is slightly below the 2023 peak, it highlights a critical shift in the cybersecurity landscape, as attackers are i…
Researchers at Zenity Labs uncover PleaseFix flaws in Perplexity’s Comet browser. See how zero-click calendar invites allow AI agents to steal 1Password credentials and personal files.
Less than half of the total zero-days have been attributed to a threat actor, but spyware vendors and China are in the lead.
The post Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises appeared first on SecurityWeek.
Cisco has confirmed that two Catalyst SD-WAN Manager vulnerabilities (CVE-2026-20128 and CVE-2026-20122) patched in late February 2025 are being exploited by attackers. The exploited vulnerabilities (CVE-2026-20128, CVE-2026-20122) CVE-2026-20128 is a …
Cato CTRL’s senior security researcher, Vitaly Simonovich, has uncovered a high-severity dos vulnerability in MongoDB, tracked as CVE-2026-25611, that lets unauthenticated attackers crash any exposed MongoDB server. CVE-2026-25611 is rooted in M…
A critical zero-day vulnerability in Cisco Catalyst SD-WAN infrastructure, tracked as CVE-2026-20127, is currently under active exploitation by highly sophisticated threat actors. The situation has grown considerably more severe following the public re…
The networking giant has added the recently patched CVE-2026-20128 and CVE-2026-20122 to the list of exploited vulnerabilities.
The post Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the Wild appeared first on SecurityWeek.
A newly discovered vulnerability (CVE-2026-28289) in the open-source help desk platform FreeScout could allow attackers to take over vulnerable servers by sending a specially crafted email to a FreeScout mailbox. CVE-2026-28289 exploitation FreeScout i…
A critical security flaw in the popular Java authentication library pac4j-jwt allows attackers to completely bypass authentication and impersonate any user, including administrators. Tracked as CVE-2026-29000, this vulnerability carries a maximum CVSS …
Cisco has rolled out patches for 48 vulnerabilities in Firewall ASA, Secure FMC, and Secure FTD products.
The post Cisco Patches Critical Vulnerabilities in Enterprise Networking Products appeared first on SecurityWeek.