Vulnerabilities Flaw Allowing Website Takeover Found in WordPress Plugin With 400k Installations The Post SMTP email delivery WordPress plugin is affected by a critical vulnerability and half of websites using it remain unpatched. Eduard KovacsJuly 28, 2025
Government ToolShell Attacks Hit 400+ SharePoint Servers, US Government Victims Named More information has emerged on the ToolShell SharePoint zero-day attacks, including impact, victims, and threat actors. Eduard KovacsJuly 24, 2025
Vulnerabilities Hackers Start Exploiting Critical Cisco ISE Vulnerabilities Cisco says it is aware of attempted exploitation of critical ISE vulnerabilities leading to unauthenticated remote code execution. Ionut ArghireJuly 23, 2025
Vulnerabilities CISA Warns of SysAid Vulnerability Exploitation CISA has added two recent SysAid vulnerabilities, CVE-2025-2776 and CVE-2025-2775, to its KEV catalog. Eduard KovacsJuly 23, 2025
Malware & Threats Microsoft Says Chinese APTs Exploited ToolShell Zero-Days Weeks Before Patch Microsoft says the Chinese threat actors Linen Typhoon, Violet Typhoon, and Storm-2603 have been exploiting the ToolShell zero-days. Eduard KovacsJuly 22, 2025
Malware & Threats ToolShell Zero-Day Attacks on SharePoint: First Wave Linked to China, Hit High-Value Targets More details emerged on the ToolShell zero-day attacks targeting SharePoint servers, but confusion remains over the vulnerabilities. Eduard KovacsJuly 22, 2025
Vulnerabilities Microsoft Patches ‘ToolShell’ Zero-Days Exploited to Hack SharePoint Servers Microsoft has started releasing updates to fix the exploited SharePoint zero-days tracked as CVE-2025-53770 and CVE-2025-53771. Eduard KovacsJuly 21, 2025
Vulnerabilities Exploited CrushFTP Zero-Day Provides Admin Access to Servers Hackers are exploiting a zero-day vulnerability in CrushFTP to gain administrative privileges on vulnerable servers via HTTPS. Ionut ArghireJuly 21, 2025
Vulnerabilities Fortinet FortiWeb Flaw Exploited in the Wild After PoC Publication Dozens of FortiWeb instances have been hacked after PoC targeting a recent critical vulnerability was shared publicly. Ionut ArghireJuly 18, 2025
Vulnerabilities CitrixBleed 2: 100 Organizations Hacked, Thousands of Instances Still Vulnerable The CitrixBleed 2 vulnerability in NetScaler may expose organizations to compromise even if patches have been applied. Ionut ArghireJuly 18, 2025
Vulnerabilities Chrome Update Patches Fifth Zero-Day of 2025 Google has released a Chrome 138 security update that patches a zero-day, the fifth resolved in the browser this year. Ionut ArghireJuly 16, 2025
Vulnerabilities CitrixBleed 2 Flaw Poses Unacceptable Risk: CISA CISA considers the recently disclosed CitrixBleed 2 vulnerability an unacceptable risk and has added it to the KEV catalog. Ionut ArghireJuly 14, 2025
Vulnerabilities Critical Wing FTP Server Vulnerability Exploited Wing FTP Server vulnerability CVE-2025-47812 can be exploited for arbitrary command execution with root or system privileges. Ionut ArghireJuly 11, 2025
Vulnerabilities CISA Warns of Two Exploited TeleMessage Vulnerabilities CISA says two more vulnerabilities in the messaging application TeleMessage TM SGNL have been exploited in the wild. Ionut ArghireJuly 2, 2025
Vulnerabilities Thousands of Citrix NetScaler Instances Unpatched Against Exploited Vulnerabilities Many Citrix NetScaler systems are exposed to attacks exploiting the vulnerabilities tracked as CVE-2025-5777 and CVE-2025-6543. Ionut ArghireJuly 1, 2025
Vulnerabilities Chrome 138 Update Patches Zero-Day Vulnerability Google has released a Chrome 138 update that patches a high-severity vulnerability with an exploit in the wild. Ionut ArghireJuly 1, 2025
Vulnerabilities Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability The Citrix NetScaler vulnerability tracked as CitrixBleed 2 and CVE-2025–5777 may be exploited in the wild for initial access. Eduard KovacsJune 27, 2025
Vulnerabilities CISA Warns AMI BMC Vulnerability Exploited in the Wild CISA is urging federal agencies to patch a recent AMI BMC vulnerability and a half-a-decade-old bug in FortiOS by July 17. Ionut ArghireJune 26, 2025
Vulnerabilities Critical Citrix NetScaler Flaw Exploited as Zero-Day Citrix has released patches for a critical vulnerability in NetScaler ADC and NetScaler Gateway exploited as a zero-day. Ionut ArghireJune 26, 2025
Vulnerabilities Motors Theme Vulnerability Exploited to Hack WordPress Websites Threat actors are exploiting a critical-severity vulnerability in Motors theme for WordPress to change arbitrary user passwords. Ionut ArghireJune 20, 2025