Exploit List 2025- 2026 2025 2024 2023 2021 2020 2019 2018
DATE |
NAME |
Info | CATEG. |
WEB |
| 25.12.25 | Critical RCE flaw impacts over 115,000 WatchGuard firewalls | Over 115,000 WatchGuard Firebox devices exposed online remain unpatched against a critical remote code execution (RCE) vulnerability actively exploited in attacks. | Exploit | |
| 25.12.25 | New critical WatchGuard Firebox firewall flaw exploited in attacks | WatchGuard has warned customers to patch a critical, actively exploited remote code execution (RCE) vulnerability in its Firebox firewalls. | Exploit | |
| 25.12.25 | Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability | Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is | Exploit | The Hacker News |
| 25.12.25 | CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited | Exploit | The Hacker News |
| 21.12.25 | Cisco warns of unpatched AsyncOS zero-day exploited in attacks | Cisco warned customers today of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. | Exploit | |
| 20.12.25 | Sonicwall warns of new SMA1000 zero-day exploited in attacks | SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges. | Exploit | |
| 20.12.25 | Hackers exploit newly patched Fortinet auth bypass flaws | Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to admin accounts and steal system configuration files. | Exploit | |
| 19.12.25 | WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability | WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks. Tracked as CVE-2025-14733 (CVSS score: 9.3), the | Exploit | The Hacker News |
| 18.12.25 | CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to its Known Exploited Vulnerabilities ( KEV ) | Exploit | The Hacker News |
| 18.12.25 | Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances | Cisco has alerted users to a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a China-nexus advanced persistent threat (APT) actor | Exploit | The Hacker News |
| 17.12.25 | React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors | The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks | Exploit | The Hacker News |
| 14.12.25 | CISA orders feds to patch actively exploited Geoserver flaw | CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. | Exploit | |
| 14.12.25 | Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks | Hackers are exploiting a new, undocumented vulnerability in the implementation of the cryptographic algorithm present in Gladinet's CentreStack and Triofox products for secure remote file access and sharing. | Exploit | |
| 14.12.25 | Hackers exploit unpatched Gogs zero-day to breach 700 servers | An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers. | Exploit | |
| 14.12.25 | CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited | Exploit | The Hacker News |
| 14.12.25 | Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild | Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in | Exploit | The Hacker News |
| 12.12.25 | React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of | Exploit | The Hacker News |
| 12.12.25 | CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities ( | Exploit | The Hacker News |
| 12.12.25 | Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks | A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new | Exploit | The Hacker News |
| 12.12.25 | Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw | Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID " 466192044 ." | Exploit | The Hacker News |
| 12.12.25 | Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution | Huntress is warning of a new actively exploited vulnerability in Gladinet's CentreStack and Triofox products stemming from the use of hard-coded cryptographic keys that have affected | Exploit | The Hacker News |
| 8.12.25 | Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks | A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence. The remote code execution vulnerability in | Exploit | The Hacker News |
| 7.12.25 | React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable | Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizations across multiple sectors. | Exploit | |
| 7.12.25 | Hackers are exploiting ArrayOS AG VPN flaw to plant webshells | Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. | Exploit | |
| 7.12.25 | Microsoft "mitigates" Windows LNK flaw exploited as zero-day | Microsoft has silently "mitigated" a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks. | Exploit | |
| 4.12.25 | Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution | A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, | Exploit | The Hacker News |
| 4.12.25 | Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation | Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates , according to | Exploit | The Hacker News |
| 2.12.25 | CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities ( KEV ) catalog to include a security flaw impacting OpenPLC | Exploit | The Hacker News |
| 22.11.25 | Fortinet warns of new FortiWeb zero-day exploited in attacks | Today, Fortinet released security updates to patch a new FortiWeb zero-day vulnerability that threat actors are actively exploiting in attacks. | Exploit | |
| 21.11.25 | ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet | Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA | Exploit | The Hacker News |
| 20.11.25 | Google fixes new Chrome zero-day flaw exploited in attacks | Google has released an emergency security update to fix the seventh Chrome zero-day vulnerability exploited in attacks this year. | Exploit | |
| 20.11.25 | Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001) | A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday. The | Exploit | The Hacker News |
| 19.11.25 | WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide | A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them | Exploit | The Hacker News |
| 18.11.25 | Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability | Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild. The vulnerability in | Exploit | The Hacker News |
| 16.11.25 | Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks | Fortinet has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now being widely exploited. | Exploit | |
| 16.11.25 | Fortinet FortiWeb flaw with public PoC exploited to create admin users | A Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed devices without requiring authentication | Exploit | |
| 16.11.25 | CISA warns feds to fully patch actively exploited Cisco flaws | CISA warned federal agencies to fully patch two actively exploited vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. | Exploit | |
| 15.11.25 | Hackers exploited Citrix, Cisco ISE flaws in zero-day attacks | An advanced threat actor exploited the critical vulnerabilities "Citrix Bleed 2" (CVE-2025-5777) in NetScaler ADC and Gateway, and CVE-2025-20337 affecting Cisco Identity Service Engine (ISE) as zero-days to deploy custom malware. | Exploit | |
| 15.11.25 | Synology fixes BeeStation zero-days demoed at Pwn2Own Ireland | Synology has addressed a critical-severity remote code execution (RCE) vulnerability in BeeStation products that was demonstrated at the recent Pwn2Own hacking competition. | Exploit | |
| 15.11.25 | Hackers abuse Triofox antivirus feature to deploy remote access tools | Hackers exploited a critical vulnerability and the built-in antivirus feature in Gladinet's Triofox file-sharing and remote-access platform to achieve remote code execution with SYSTEM privileges. | Exploit | |
| 13.11.25 | CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities ( | Exploit | The Hacker News |
| 12.11.25 | Amazon Uncovers Attacks Exploited Cisco ISE and Citrix NetScaler as Zero-Day Flaws | Amazon's threat intelligence team on Wednesday disclosed that it observed an advanced threat actor exploiting two then-zero-day security flaws in Cisco Identity Service Engine (ISE) | Exploit | The Hacker News |
| 9.11.25 | QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own | QNAP has fixed seven zero-day vulnerabilities that security researchers exploited to hack QNAP network-attached storage (NAS) devices during the Pwn2Own Ireland 2025 competition. | Exploit | |
| 9.11.25 | New LandFall spyware exploited Samsung zero-day via WhatsApp messages | A threat actor exploited a zero-day vulnerability in Samsung's Android image processing library to deploy a previously unknown spyware called 'LandFall' using malicious images sent over WhatsApp. | Exploit | |
| 9.11.25 | Cisco: Actively exploited firewall flaws now abused for DoS attacks | Cisco warned this week that two vulnerabilities, which have been exploited in zero-day attacks, are now being abused to force ASA and FTD firewalls into reboot loops. | Exploit | |
| 9.11.25 | CISA warns of critical CentOS Web Panel bug exploited in attacks | The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning that threat actors are exploiting a critical remote command execution flaw in CentOS Web Panel (CWP). | Exploit | |
| 9.11.25 | Hackers exploit WordPress plugin Post SMTP to hijack admin accounts | Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 WordPress sites, to take complete control by hijacking administrator accounts. | Exploit | |
| 8.11.25 | Hackers exploit critical auth bypass flaw in JobMonster WordPress theme | Threat actors are targeting a critical vulnerability in the JobMonster WordPress theme that allows hijacking of administrator accounts under certain conditions. | Exploit | |
| 8.11.25 | Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware | A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a "commercial-grade" Android spyware dubbed LANDFALL in targeted attacks in the | Exploit | The Hacker News |
| 7.11.25 | Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362 | Cisco on Wednesday disclosed that it became aware of a new attack variant that's designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | Exploit | The Hacker News |
| 4.11.25 | Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks | Details have emerged about a now-patched critical security flaw in the popular " @react-native-community/cli " npm package that could be potentially exploited to run malicious | Exploit | The Hacker News |
| 3.11.25 | Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks | Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial | Exploit | The Hacker News |
| 3.11.25 | China-linked hackers exploited Lanscope flaw as a zero-day in attacks | China-linked cyber-espionage actors tracked as 'Bronze Butler' (Tick) exploited a Motex Lanscope Endpoint Manager vulnerability as a zero-day to deploy an updated version of their Gokcpdoor malware. | Exploit | |
| 3.11.25 | ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability | The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented | Exploit | The Hacker News |
| 3.11.25 | Windows zero-day actively exploited to spy on European diplomats | A China-linked hacking group is exploiting a Windows zero-day in attacks targeting European diplomats in Hungary, Belgium, and other European nations. | Exploit | |
| 3.11.25 | CISA orders feds to patch VMware Tools flaw exploited by Chinese hackers | CISA has ordered federal agencies to patch a high-severity vulnerability in Broadcom's VMware Aria Operations and VMware Tools software, exploited by Chinese hackers since October 2024. | Exploit | |
| 1.11.25 | CISA warns of two more actively exploited Dassault vulnerabilities | The Cybersecurity & Infrastructure Security Agency (CISA) warned today that attackers are actively exploiting two vulnerabilities in Dassault Systèmes' DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution. | Exploit | |
| 1.11.25 | China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats | A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and | Exploit | The Hacker News |
| 1.11.25 | China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems | The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick . The vulnerability, | Exploit | The Hacker News |
| 1.11.25 | CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released | Exploit | |
| 1.11.25 | CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its | Exploit | The Hacker News |
| 1.11.25 | New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL | A severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds. Security researcher Jose Pino, | Exploit | The Hacker News |
| 29.10.25 | Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack | Threat actors are actively exploiting multiple security flaws impacting Dassault Systèmes DELMIA Apriso and XWiki, according to alerts issued by the U.S. Cybersecurity and | Exploit | The Hacker News |
| 29.10.25 | Chrome Zero-Day Exploited to Deliver Italian Memento Labs' LeetAgent Spyware | The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services | Exploit | |
| 27.10.25 | Hackers launch mass attacks exploiting outdated WordPress plugins | A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code execution (RCE). | Exploit | |
| 26.10.25 | CISA warns of Lanscope Endpoint Manager flaw exploited in attacks | The Cybersecurity & Infrastructure Security Agency (CISA) is warning that hackers are exploiting a critical vulnerability in the Motex Landscope Endpoint Manager. | Exploit | |
| 25.10.25 | CISA: High-severity Windows SMB flaw now exploited in attacks | CISA says threat actors are now actively exploiting a high-severity Windows SMB privilege escalation vulnerability that can let them gain SYSTEM privileges on unpatched systems. | Exploit | |
| 25.10.25 | 'Jingle Thief' Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards | Cybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail | Exploit | The Hacker News |
| 25.10.25 | Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw | E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source | Exploit | |
| 25.10.25 | Critical Lanscope Endpoint Manager Bug Exploited in Ongoing Cyberattacks, CISA Confirms | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited | Exploit | The Hacker News |
| 22.10.25 | Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch | Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly | Exploit | The Hacker News |
| 21.10.25 | Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities ( KEV ) Catalog, officially confirming a | Exploit | The Hacker News |
| 19.10.25 | Hackers exploit Cisco SNMP flaw to deploy rootkit on switches | Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in Cisco networking devices to deploy a rootkit and target unprotected Linux systems. | Exploit | |
| 19.10.25 | Gladinet fixes actively exploited zero-day in file-sharing software | Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late September. | Exploit | |
| 19.10.25 | CISA: Maximum-severity Adobe flaw now exploited in attacks | CISA has warned that attackers are actively exploiting a maximum-severity vulnerability in Adobe Experience Manager to execute code on unpatched systems. | Exploit | |
| 18.10.25 | Microsoft restricts IE mode access in Edge after zero-day attacks | Microsoft is restricting access to Internet Explorer mode in Edge browser after learning that hackers are leveraging zero-day exploits in the Chakra JavaScript engine for access to target devices. | Exploit | |
| 18.10.25 | Hackers exploiting zero-day in Gladinet file sharing software | Threat actors are exploiting a zero-day vulnerability (CVE-2025-11371) in Gladinet CentreStack and Triofox products, which allows a local attacker to access system files without authentication. | Exploit | |
| 16.10.25 | Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped | Microsoft on Tuesday released fixes for a whopping 183 security flaws spanning its products, including three vulnerabilities that have come under active exploitation in the wild, as the tech | Exploit | |
| 16.10.25 | Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access | Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active | Exploit | |
|
12.10.25 |
Hackers exploit auth bypass in Service Finder WordPress theme | Threat actors are actively exploiting a critical vulnerability in the Service Finder WordPress theme that allows them to bypass authentication and log in as administrators. | Exploit | |
|
11.10.25 |
From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability | Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products. The zero-day | Exploit | |
|
9.10.25 |
Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme | Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including | Exploit | |
|
9.10.25 |
Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks | Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy | Exploit | |
|
7.10.25 |
Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files | A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military. Tracked as CVE-2025-27915 (CVSS | Exploit | |
| 4.10.25 | Chinese hackers exploiting VMware zero-day since October 2024 | Broadcom has patched a high-severity privilege escalation vulnerability in its VMware Aria Operations and VMware Tools software, which has been exploited in zero-day attacks since October 2024. | Exploit | |
| 3.10.25 | Hackers Exploit Milesight Routers to Send Phishing SMS to European Users | Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February | Exploit | The Hacker News |
| 3.10.25 | Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024 | A newly patched security flaw impacting Broadcom VMware Tools and VMware Aria Operations has been exploited in the wild as a zero-day since mid-October 2024 by a threat actor called | Exploit | The Hacker News |
| 3.10.25 | CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems | Exploit | The Hacker News |
| 28.9.25 | Maximum severity GoAnywhere MFT flaw exploited as zero day | Hackers are actively exploiting a maximum severity vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT that allows injecting commands remotely without authentication. | Exploit | |
| 28.9.25 | CISA orders agencies to patch Cisco flaws exploited in zero-day attacks | CISA has issued a new emergency directive ordering U.S. federal agencies to secure their Cisco firewall devices against two flaws that have been exploited in zero-day attacks. | Exploit | |
| 28.9.25 | Cisco warns of ASA firewall zero-days exploited in attacks | Cisco warned customers today to patch two zero-day vulnerabilities that are actively being exploited in attacks and impact the company's firewall software. | Exploit | |
| 28.9.25 | Cisco warns of IOS zero-day vulnerability exploited in attacks | Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco IOS and IOS XE Software that is currently being exploited in attacks. | Exploit | |
| 27.9.25 | Libraesva ESG issues emergency fix for bug exploited by state hackers | Libraesva rolled out an emergency update for its Email Security Gateway solution to fix a vulnerability exploited by threat actors believed to be state sponsored. | Exploit | |
| 27.9.25 | CISA says hackers breached federal agency using GeoServer exploit | CISA has revealed that attackers breached the network of an unnamed U.S. federal civilian executive branch (FCEB) agency last year after compromising an unpatched GeoServer instance. | Exploit | |
| 26.9.25 | Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure | Cybersecurity company watchTowr Labs has disclosed that it has "credible evidence" of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer | Exploit | The Hacker News |
| 26.9.25 | Cisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER Malware | The U.K. National Cyber Security Centre (NCSC) has revealed that threat actors have exploited the recently disclosed security flaws impacting Cisco firewalls as part of zero-day attacks to | Exploit | The Hacker News |
| 24.9.25 | Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials | Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web | Exploit | The Hacker News |
| 24.9.25 | State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability | Libraesva has released a security update to address a vulnerability in its Email Security Gateway (ESG) solution that it said has been exploited by state-sponsored threat actors. The vulnerability, | Exploit | The Hacker News |
| 21.9.25 | CISA exposes malware kits deployed in Ivanti EPMM attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the malware deployed in attacks exploiting vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). | Exploit | |
| 21.9.25 | Google patches sixth Chrome zero-day exploited in attacks this year | Google has released emergency security updates to patch a Chrome zero-day vulnerability, the sixth one tagged as exploited in attacks since the start of the year. | Exploit | |
| 19.9.25 | CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428 | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of two sets of malware that were discovered in an unnamed organization's network following | Exploit | The Hacker News |
| 18.9.25 | CISA warns of actively exploited Dassault RCE vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers exploiting a critical remote code execution flaw in DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution from French company Dassault Systèmes. | Exploit | |
| 18.9.25 | Samsung patches actively exploited zero-day reported by WhatsApp | Samsung has patched a remote code execution vulnerability that was exploited in zero-day attacks targeting its Android devices. | Exploit | |
| 18.9.25 | Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions | Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been exploited in the wild. The zero-day | Exploit | The Hacker News |
| 16.9.25 | SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids | A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps , collectively attracting 38 million downloads across 228 countries and | Exploit | The Hacker News |
| 16.9.25 | Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack | Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 | Exploit | The Hacker News |
| 12.9.25 | Critical SAP S/4HANA vulnerability now exploited in attacks | A critical SAP S/4HANA code injection vulnerability is being leveraged in attacks in the wild to breach exposed servers, researchers warn. | Exploit | BleepingComputer |
| 12.9.25 | Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso | Exploit | The Hacker News |
| 7.9.25 | Hackers exploited Sitecore zero-day flaw to deploy backdoors | Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. | Exploit | |
| 7.9.25 | New TP-Link zero-day surfaces as CISA warns other flaws are exploited | TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as CISA warns that other router flaws have been exploited in attacks. | Exploit | |
| 4.9.25 | CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited | Exploit | The Hacker News |
| 4.9.25 | Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers | Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry | Exploit | The Hacker News |
| 4.9.25 | Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure | Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit recently disclosed security | Exploit | The Hacker News |
| 4.9.25 | CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Ranger Extender | Exploit | The Hacker News |
| 31.8.25 | FreePBX servers hacked via zero-day, emergency fix released | The Sangoma FreePBX Security Team is warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with the Administrator Control Panel (ACP) is exposed to the internet. | Exploit | |
| 30.8.25 | CISA warns of actively exploited Git code execution flaw | The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of hackers exploiting an arbitrary code execution flaw in the Git distributed version control system. | Exploit | |
| 30.8.25 | Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution | Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code | Exploit | The Hacker News |
| 29.8.25 | FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available | The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with an | Exploit | The Hacker News |
| 24.8.25 | GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets | Cybersecurity researchers are calling attention to multiple campaigns that leverage known security vulnerabilities and expose Redis servers to various malicious | Exploit | |
| 23.8.25 | Researcher to release exploit for full auth bypass on FortiWeb | A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication. | Exploit | |
| 22.8.25 | Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks | Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The list of | Exploit | The Hacker News |
| 21.8.25 | Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks | Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The | Exploit | The Hacker News |
| 19.8.25 | Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware | Cybersecurity researchers have lifted the lid on the threat actors' exploitation of a now-patched security flaw in Microsoft Windows to deploy the PipeMagic malware | Exploit | The Hacker News |
| 17.8.25 | Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware | The threat actor known as EncryptHub is continuing to exploit a now-patched security flaw impacting Microsoft Windows to deliver malicious payloads. | Exploit | The Hacker News |
| 14.8.25 | CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known Exploited | Exploit | The Hacker News |
| 12.8.25 | Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls | Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as beginning of May | Exploit | The Hacker News |
| 08.08.25 | 6,500 Axis Servers Expose Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits | Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, | Exploit | The Hacker News |
| 06.08.25 | CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link Wi-Fi cameras and video recorders to its | Exploit | The Hacker News |
| 25.7.25 | CISA warns of hackers exploiting SysAid vulnerabilities in attacks | CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts. | Exploit | |
| 25.7.25 | Cisco: Maximum-severity ISE RCE flaws now exploited in attacks | Cisco is warning that three recently patched critical remote code execution vulnerabilities in Cisco Identity Services Engine (ISE) are now being actively exploited in attacks. | Exploit | |
| 25.7.25 | Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks | Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks | Exploit | |
| 25.7.25 | Microsoft SharePoint zero-day exploited in RCE attacks, no patch available | Critical zero-day vulnerabilities in Microsoft SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, have been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide. | Exploit | |
| 25.7.25 | Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments | Virtualization and networking infrastructure have been targeted by a threat actor codenamed Fire Ant as part of a prolonged cyber espionage campaign. The activity, | Exploit | The Hacker News |
| 25.7.25 | Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems | Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems. The | Exploit | The Hacker News |
| 23.7.25 | Disrupting active exploitation of on-premises SharePoint vulnerabilities | On July 19, 2025, Microsoft Security Response Center (MSRC) published a blog addressing active attacks against on-premises SharePoint servers that exploit CVE-2025-49706, a spoofing vulnerability, and CVE-2025-49704, a remote code execution vulnerability. | Exploit | Microsoft |
| 23.7.25 | SharePoint Zero-Day CVE-2025-53770 Actively Exploited: What Security Teams Need to Know | A critical zero-day vulnerability (CVE-2025-53770 ) in SharePoint on-prem is actively being exploited in the wild. | Exploit | Checkpoint |
| 23.7.25 | CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its | Exploit | The Hacker News |
| 23.7.25 | Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups | Microsoft has formally tied the exploitation of security flaws in internet-facing SharePoint Server instances to two Chinese hacking groups called Linen Typhoon | Exploit | The Hacker News |
| 23.7.25 | Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access | Cisco on Monday updated its advisory of a set of recently disclosed security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) to acknowledge active exploitation. | Exploit | The Hacker News |
| 23.7.25 | Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access | The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point | Exploit | The Hacker News |
| 22.7.25 | Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks | Microsoft on Sunday released security patches for an actively exploited security flaw in SharePoint and also disclosed details of another vulnerability that it said has | Exploit | The Hacker News |
| 20.7.25 | Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations | A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign. The zero-day flaw, tracked | Exploit | The Hacker News |
| 20.7.25 | Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers | A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309 , the | Exploit | The Hacker News |
| 20.7.25 | New CrushFTP zero-day exploited in attacks to hijack servers | CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers. | Exploit | |
| 20.7.25 | Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks | A critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed "CitrixBleed 2," was actively exploited nearly two weeks before proof-of-concept (PoC) exploits were made public, despite Citrix stating that there was no evidence of attacks. | Exploit | |
| 20.7.25 | VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin | VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025. | Exploit | |
| 19.7.25 | Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks | Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting | Exploit | The Hacker News |
| 18.7.25 | Google fixes actively exploited sandbox escape zero day in Chrome | Google has released a security update for Chrome to address half a dozen vulnerabilities, one of them actively exploited by attackers to escape the browser's sandbox protection. | Exploit | |
| 17.7.25 | Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild | Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild. The high-severity | Exploit | The Hacker News |
| 13.7.25 | Hackers are exploiting critical RCE flaw in Wing FTP Server | Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public. | Exploit | |
| 13.7.25 | Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now | Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to achieve pre-authenticated remote code execution on vulnerable servers. | Exploit | |
| 13.7.25 | The zero-day that could've compromised every Cursor and Windsurf user | Learn how one overlooked flaw in OpenVSX discovered by Koi Secureity could've let attackers hijack millions of dev machines via an extension supply chain attack. The zero-day threat's been patched—but the wake-up call is clear: extensions are a new, massive supply chain risk. | Exploit | |
| 13.7.25 | CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch | The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes. | Exploit | BleepingComputer |
| 10.7.25 | Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets | The Initial Access Broker (IAB) known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized | Exploit | The Hacker News |
| 8.7.25 | CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, citing | Exploit | The Hacker News |
| 3.7.25 | Google fixes fourth actively exploited Chrome zero-day of 2025 | Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year. | Exploit | BleepingComputer |
| 1.7.25 | Google Patches Critical Zero-Day Flaw in Chrome's V8 Engine After Active Exploitation | Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as | Exploit | The Hacker News |
| 29.6.25 | Citrix Bleed 2 flaw now believed to be exploited in attacks | A critical NetScaler ADC and Gateway vulnerability dubbed "Citrix Bleed 2" (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, seeing an increase in suspicious sessions on Citrix devices. | Exploit | BleepingComputer |
| 28.6.25 | Citrix warns of NetScaler vulnerability exploited in DoS attacks | Citrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition. | Exploit | |
| 26.6.25 | Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa | Cybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open- | Exploit | The Hacker News |
| 25.6.25 | SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks | Unknown threat actors have been distributing a trojanized version of SonicWall's SSL VPN NetExtender application to steal credentials from unsuspecting users who | Exploit | The Hacker News |
| 23.6.25 | WordPress Motors theme flaw mass-exploited to hijack admin accounts | Hackers are exploiting a critical privilege escalation vulnerability in the WordPress theme "Motors" to hijack administrator accounts and gain complete control of a targeted site. | Exploit | |
| 22.6.25 | CISA warns of attackers exploiting Linux flaw with PoC exploit | CISA has warned U.S. federal agencies about attackers targeting a high-severity vulnerability in the Linux kernel's OverlayFS subsystem that allows them to gain root privileges. | Exploit | |
| 21.6.25 | Sitecore CMS exploit chain starts with hardcoded 'b' password | A chain of Sitecore Experience Platform (XP) vulnerabilities allows attackers to perform remote code execution (RCE) without authentication to breach and hijack servers. | Exploit | BleepingComputer |
| 18.6.25 | CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed a security flaw impacting the Linux kernel in its Known Exploited Vulnerabilities ( KEV ) catalog, stating it has been actively exploited in the wild. | Exploit | The Hacker News |
| 18.6.25 | Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor | A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper . The attack, | Exploit | The Hacker News |
| 14.6.25 | Over 84,000 Roundcube instances vulnerable to actively exploited flaw | Over 84,000 instances of the Roundcube webmail software are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) vulnerability with a publicly available exploit. | Exploit | BleepingComputer |
| 13.6.25 | Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware | Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated | Exploit | The Hacker News |
| 10.6.25 | CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and | Exploit | The Hacker News |
| 8.6.25 | Critical Fortinet flaws now exploited in Qilin ransomware attacks | The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. | Exploit | BleepingComputer |
| 8.6.25 | Hacker selling critical Roundcube webmail exploit as tech info disclosed | Hackers are actively exploiting CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. | Exploit | BleepingComputer |
| 7.6.25 | Cisco warns of ISE and CCP flaws with public exploit code | Cisco has released patches to address three vulnerabilities with public exploit code in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) solutions. | Exploit | BleepingComputer |
| 6.6.25 | CISA warns of ConnectWise ScreenConnect bug exploited in attacks | CISA is alerting federal agencies in the U.S. of hackers exploiting a recently patched ScreenConnect vulnerability that could lead to executing remote code on the server. | Exploit | BleepingComputer |
| 6.6.25 | Qualcomm fixes three Adreno GPU zero-days exploited in attacks | Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that impact dozens of chipsets and are actively exploited in targeted attacks. | Exploit | BleepingComputer |
| 6.6.25 | Exploit details for max severity Cisco IOS XE flaw now public | Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. | Exploit | BleepingComputer |
| 6.6.25 | Hackers are exploiting critical flaw in vBulletin forum software | Two critical vulnerabilities affecting the open-source forum software vBulletin have been discovered, with one confirmed to be actively exploited in the wild. | Exploit | BleepingComputer |
| 6.6.25 | Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks | A now-patched critical security flaw in the Wazuh Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct | Exploit | The Hacker News |
| 3.6.25 | New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch | Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the | Exploit | The Hacker News |
| 30.4.25 | Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw | Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers. | Exploit | BleepingComputer |
| 28.4.25 | Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products | Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023. Of the 75 zero-days, 44% of them targeted | Exploit | The Hacker News |
| 28.4.25 | Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised | Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized | Exploit | The Hacker News |
| 27.4.25 | Craft CMS RCE exploit chain used in zero-day attacks to steal data | Craft CMS RCE exploit chain used in zero-day attacks to steal data | Exploit | |
| 25.4.25 | Active! Mail RCE flaw exploited in attacks on Japanese orgs | An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan. | Exploit | |
| 25.4.25 | New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework | Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code | Exploit | The Hacker News |
| 23.4.25 | Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp | Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to | Exploit | The Hacker News |
| 23.4.25 | Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals | Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine | Exploit | The Hacker News |
| 22.4.25 | Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials | In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be | Exploit | The Hacker News |
| 21.4.25 | Critical Erlang/OTP SSH RCE bug now has public exploits, patch now | Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. | Exploit | |
| 21.4.25 | Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now | A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. | Exploit | |
| 20.4.25 | CISA tags SonicWall VPN flaw as actively exploited in attacks | On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. | Exploit | |
| 17.4.25 | CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access ( SMA ) 100 | Exploit | The Hacker News |
| 17.4.25 | Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks | Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under | Exploit | The Hacker News |
| 15.4.25 | Gladinet's Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability | A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven | Exploit | The Hacker News |
| 13.4.25 | Hackers exploit WordPress plugin auth bypass hours after disclosure | Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. | Exploit | |
| 12.4.25 | CentreStack RCE exploited as zero-day to breach file sharing servers | Hackers exploited a vulnerability in Gladinet CentreStack's secure file-sharing software as a zero-day since March to breach storage servers | Exploit | |
| 12.4.25 | Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit | Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to | Exploit | The Hacker News |
| 11.4.25 | OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation | A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public | Exploit | The Hacker News |
| 9.4.25 | PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware | Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware | Exploit | The Hacker News |
| 3.4.25 | Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign | Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface (API) from payment | Exploit | |
|
31.3.25 |
Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images | Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and | Exploit | |
|
30.3.25 |
New Ubuntu Linux security bypasses require manual mitigations | Three security bypasses have been discovered in Ubuntu Linux's unprivileged user namespace restrictions, which could be enable a local attacker to exploit vulnerabilities in kernel components. | Exploit | |
|
28.3.25 |
EncryptHub linked to MMC zero-day attacks on Windows systems | A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month. | Exploit | |
|
26.3.25 |
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware | The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of | Exploit | The Hacker News |
|
26.3.25 |
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks | Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of | Exploit | The Hacker News |
|
23.3.25 |
Critical Cisco Smart Licensing Utility flaws now exploited in attacks | Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. | Exploit | |
|
22.3.25 |
New Windows zero-day exploited by 11 state hacking groups since 2017 | At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017 | Exploit | |
|
21.3.25 |
Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility | Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center . The | Exploit | The Hacker News |
|
20.3.25 |
Critical RCE flaw in Apache Tomcat actively exploited in attacks | A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. | Exploit | |
|
19.3.25 |
New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads | Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store | Exploit | |
|
18.3.25 |
Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure | A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept | Exploit | The Hacker News |
|
17.3.25 |
Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions | Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users' | Exploit | The Hacker News |
| 13.3.25 | Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk | Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has | Exploit | The Hacker News |
| 8.3.25 | Cisco warns of Webex for BroadWorks flaw exposing credentials | Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. | Exploit | BleepingComputer |
| 8.3.25 | CISA tags Windows, Cisco vulnerabilities as actively exploited | CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. | Exploit | BleepingComputer |
| 4.3.25 | Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, | Exploit | The Hacker News |
| 4.3.25 | Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks | Threat actors have been exploiting a security vulnerability in Paragon Partition Manager's BioNTdrv.sys driver in ransomware attacks to escalate privileges and | Exploit | The Hacker News |
| 1.3.25 | Amnesty Finds Cellebrite's Zero-Day Used to Unlock Serbian Activist's Android Phone | A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International. "The Android phone of one student protester was | Exploit | The Hacker News |
| 27.2.25 | Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers | The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company's CEO Ben | Exploit | The Hacker News |
| 27.2.25 | Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites | A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of | Exploit | The Hacker News |
| 26.2.25 | CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra | Exploit | The Hacker News |
| 25.2.25 | Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle | Exploit | The Hacker News |
| 22.2.25 | Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes | Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized | Exploit | The Hacker News |
|
14.1.25 | Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners | A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy | Exploit | The Hacker News |
|
3.1.25 | LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers | A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could | Exploit | |