What happened Threat actors are actively exploiting an unauthenticated information disclosure vulnerability in the Gravity SMTP WordPress plugin, which is installed on more than 100,000 WordPress ...

Attackers are exploiting three Fortinet FortiSandbox flaws, including one patched last week, risking auth bypass and command ...

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...

Security research firm Paradigm Shift today published details of a new BootROM vulnerability affecting Apple's A12 and A13 ...

Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.

Google has released an unscheduled update for Chrome to close two critical security vulnerabilities. As criminals are already actively using these vulnerabilities for attacks, all users are advised to ...

Researchers at Paradigm Shift have published the technical details of usbliter8, a new unpatchable iPhone BootROM ...

Hackers are exploiting a vulnerability in the Gravity SMTP WordPress plugin to extract configuration data, including API keys ...

Cisco has patched a critical-severity ISE and ISE-PIC vulnerability that could allow attackers to gain root access to the ...

Attackers are actively exploiting a critical vulnerability in mail servers sold by Zimbra in an attempt to remotely execute malicious commands that install a backdoor, researchers warn. The ...

When Ivanti disclosed critical flaws in its Connect Secure VPN gateway in January 2024, attackers had working exploits circulating within roughly 24 hours. By the time most IT teams scheduled a patch ...

In a new proof-of-concept, endpoint security provider Morphisec showed that the Exploit Prediction Scoring System (EPSS), one of the most widely used frameworks for assessing vulnerability exploits, ...