The Hacker News

Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1

Google uncovered Coruna iOS exploit kit with 23 exploits across five chains targeting iPhones running iOS 13–17.2.1.

Google Threat Intelligence Group warns enterprise systems increasingly targeted by zero-day exploits

Google Threat Intelligence Group warns enterprise systems increasingly targeted by zero-day exploits - SiliconANGLE ...

Google Issues Emergency Chrome Update — 0Day Exploit Confirmed

Don’t delay, ensure Chrome is updated now as Google confirms an emergency security alert. CVE-2026-2441 exploited in the wild ...
Ars Technica

Critical WordPress plugin vulnerability under active exploit threatens thousands

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...

Hackers exploit zero-day flaw in Dell RecoverPoint for Virtual Machines

Threat actors are weaponizing a zero-day vulnerability in Dell RecoverPoint for Virtual Machines in a cyberattack campaign that drops a novel backdoor, according to new findings from Mandiant and ...
Hosted on MSN

Hackers Exploit Microsoft Software Vulnerability To Reportedly Target Governments And Businesses—What To Know

A vulnerability in Microsoft’s SharePoint server software was exploited by hackers to carry out “active attacks” globally on various entities, including businesses and U.S. federal agencies, prompting ...
Bleeping Computer

Cisco fixes root escalation vulnerability with public exploit code

Cisco has fixed a command injection vulnerability with public exploit code that lets attackers escalate privileges to root on vulnerable systems. Tracked as CVE-2024-20469, the security flaw was found ...
Dark Reading

Apache Tomcat RCE Vulnerability Under Fire With 2-Step Exploit

A vulnerability found in Apache Tomcat, tracked as CVE-2025-24813, is being actively exploited in the wild. The remote code execution (RCE) bug allows attackers to take over servers using a PUT API ...
Bleeping Computer

Cisco warns of denial of service flaw with PoC exploit code

Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability, which has proof-of-concept (PoC) exploit code. Tracked as CVE-2025-20128, the vulnerability is caused by a ...
TweakTown

WinRAR 'high-risk' exploit discovered, make sure you update to the latest release

TL;DR: WinRAR has a critical security vulnerability (CVE-2025-6218) allowing remote code execution via directory traversal in Windows versions. This exploit risks sensitive data and system integrity.
TechRepublic

Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs

Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs Your email has been sent Volt Typhoon, a Chinese state-sponsored hacking group, has been caught ...
Infosecurity-magazine.com

Malicious Actors Exploit ProjectSend Critical Vulnerability

Public-facing instances of ProjectSend, an open-source file-sharing web application, have been exploited by attackers, according to vulnerability intelligence provider VulnCheck. ProjectSend was ...