Explained: How ShinyHunters hacked over 100 organisations using an Oracle bug

Cybersecurity experts from Google's Threat Intelligence Group have alerted that the hacking group ShinyHunters exploited a ...
Infosecurity-magazine.com

Navigating the Vulnerability Maze: Understanding CVE, CWE, and CVSS

The Forum of Incident Response and Security Teams (FIRST) officially launched the fourth version of the Common Vulnerability Scoring System (CVSS 4.0), in November 2023. CVSS 4.0, the industry ...
Infosecurity Magazine

Microsoft Fixes 200 CVEs in June Patch Tuesday

System administrators are in for a busy few weeks after Microsoft published updates to fix 200 vulnerabilities including ...

151 Chrome Security Flaws, 22 Critical, Fixed In New Google Update

Google has released a Chrome update patching a large number of new security flaws: 151 in total, 22 of them rated as critical severity.
Bleeping Computer

Cisco warns of unpatched SD-WAN zero-day exploited in attacks

On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation. The ...
Ars Technica

Incomplete disclosures by Apple and Google create “huge blindspot” for 0-day hunters

Incomplete information included in recent disclosures by Apple and Google reporting critical zero-day vulnerabilities under active exploitation in their products has created a “huge blindspot” that’s ...
Bleeping Computer

CISA orders fed agencies to patch new Exchange flaw by Monday

CISA has issued an emergency directive ordering all Federal Civilian Executive Branch (FCEB) agencies to mitigate a critical Microsoft Exchange hybrid vulnerability tracked as CVE-2025-53786 by Monday ...
CSO Online

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.