A 0-day buffer overflow vulnerability in Cisco ASA and FTD devices, exploitable via WebVPN, allows unauthenticated remote code execution. Cisco has released patches and issued guidance for mitigation.
Hackers exploited OAuth tokens in third-party Salesforce integrations, stealing CRM data and extorting affected customers. Salesforce urges clients to rotate credentials.
A public PoC exploit for CVE-2025-32463 in Sudo has been released, enabling local privilege escalation to root. Linux users are urged to update to Sudo 1.9.16p1.
A recently disclosed Chrome RCE exploit uses Wasm and JavaScript to manipulate memory and execute shellcode in the browser. Update to version M137.0.7151.57 immediately to prevent remote compromise.
A zero-day vulnerability in Oracle E-Business Suite, CVE-2025-61882, has been actively exploited by Cl0p in data theft campaigns. Oracle’s emergency patch addresses unauthenticated remote code execution in the BI Publisher integration component.