-
A critical vulnerability in the vm2 JavaScript sandbox library (versions ≤ 3.10.0) enables attackers to bypass sandbox protections and execute arbitrary code with full system privileges. The flaw exploits improper sanitization of Promise callback funct…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Approximately 6,000 vulnerable SmarterTools SmarterMail installations globally are all exposed to an actively exploited remote code execution vulnerability. The vulnerability, tracked as CVE-2026-23760, poses an immediate threat to organisations relyin…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Active exploitation of a critical vulnerability in React Server Components, tracked as CVE‑2025‑55182 (React2Shell), targeting companies across multiple industry sectors worldwide. React2Shell affects the Flight protocol, which facilitates client-serve…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A class-action lawsuit filed in San Francisco federal court accuses Meta Platforms of systematically misleading billions of WhatsApp users about the protection of their messages. The complaint alleges that despite marketing claims of unbreakable end-to…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A proof-of-concept exploit for CVE-2026-24061, a critical remote code execution vulnerability in the GNU Inetutils telnetd, has surfaced, with security researchers warning that over 800,000 vulnerable instances remain publicly accessible on the interne…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A server-side vulnerability in Instagram that allegedly allowed completely unauthenticated access to private account posts. This raises concerns about Meta’s vulnerability disclosure handling and the effectiveness of compensatory controls protect…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A moderate out-of-bounds write vulnerability in Apache Hadoop’s HDFS native client that could allow attackers to trigger system crashes or cause data corruption in production environments. The flaw, identified as CVE-2025-27821, affects the nati…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has confirmed a controversial new feature coming to Teams that will automatically reveal employee work locations by detecting which Wi-Fi networks they connect to raising significant concerns about workplace surveillance and hybrid work polic…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The threat actors have begun actively exploiting a critical authentication bypass vulnerability in GNU InetUtils telnetd immediately after proof-of-concept code became publicly available. The flaw allows remote attackers to gain root access without aut…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fortinet has officially confirmed active exploitation of critical FortiCloud single sign-on (SSO) authentication bypass vulnerabilities affecting multiple enterprise security appliances. The company disclosed two vulnerabilities CVE-2025-59718 and CVE-…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
