CISA added five actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog. This article provides a CVE-by-CVE technical breakdown, enterprise impact assessment, detection and mitigation actions, and prioritized remediation guidance for security operations teams. Includes an AEO-optimized FAQ and verified external sources.
GlassWorm is the first known self-propagating worm targeting developer environments by infecting VS Code extensions with hidden Unicode payloads. Once installed, it steals credentials from NPM, GitHub and Git, and upgrades machines into proxy nodes and part of a distributed criminal infrastructure. It uses a blockchain-based command and control mechanism and auto-updates to spread across the developer ecosystem. In this article, we dissect how GlassWorm works, what makes it a paradigm shift in supply-chain attacks, and what organisations must do to detect and contain it before their dev workstations become weaponised.
A public PoC for CVE-2025-59287 exploits an unsafe deserialization flaw in WSUS. Administrators must deploy Microsoft’s October 2025 updates and hunt for indicators of compromise immediately.
A critical flaw (CVE-2025-9242) in WatchGuard Fireware OS allows unauthenticated attackers to execute code remotely via the IKEv2 VPN process. This vulnerability impacts Firebox devices running outdated firmware and exposes enterprise networks to full compromise if left unpatched.
China’s Ministry of State Security alleges that the U.S. National Security Agency breached its National Time Service Centre over multiple years. The event signals new exposure for timing infrastructure and escalates global cyber conflict.
Europol has shut down a cross-border SIM-farm network used to automate smishing and VoIP fraud, seizing equipment, servers, and arresting dozens of operators.
A new malvertising campaign is using deceptive Google Ads mimicking trusted macOS software brands like Homebrew and LogMeIn to deliver potent infostealers such as AMOS and Odyssey. Mac developers and advanced users are being targeted with copy-and-paste terminal commands that install malware under the guise of legitimate apps. This expert breakdown shows how the attack works, what to watch for and how to defend your environment.
Shadowserver has identified over 266,000 F5 BIG-IP devices exposed to remote attack after a breach revealed undisclosed vulnerabilities. Organizations must act now to mitigate potential exploitation.
Security researchers uncovered multiple vulnerabilities in Microsoft’s BitLocker encryption, exposing Windows systems to data theft, privilege escalation, and bypass attacks. This article analyzes the flaws, their potential impact, and how organizations can secure encrypted drives against exploitation.
CISA has flagged CVE-2025-54253, a maximum-severity (CVSS 10.0) vulnerability in Adobe Experience Manager (AEM), as already under active attack. The root cause lies in how the /adminui/debug servlet misinterprets user-supplied OGNL expressions as Java code without authentication or validation. This flaw lets unauthenticated attackers execute system commands remotely. In this article, you’ll get the full technical breakdown, threat scenarios, detection strategies, mitigation plans, and best practices specific to AEM deployments.