The Hacker News

Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation

Microsoft released out-of-band patches for an actively exploited Microsoft Office zero-day, CVE-2026-21509, a security ...
TechSpot

Critical vulnerability in file transfer software Moveit could result in a new security disaster

Facepalm: Progress Software disclosed a new critical vulnerability in its popular managed file transfer tool Moveit. The disclosure comes almost exactly a year after a similar incident put thousands ...
Guru3D.com

Samsung Confirms Active Exploitation of High-Severity Vulnerability in SSD Magician Software

Samsung has issued a security warning confirming a serious vulnerability in its Samsung Magician SSD management software that is actively being exploited. The flaw affects Samsung Magician versions ...

Patched WinRAR vulnerability remains a favorite tool for hackers and spies

The WinRAR vulnerability tracked as CVE-2025-8088 was discovered and patched in July 2025, but the popular file archiver continues to suffer from its fallout. According to ...

Microsoft patches actively exploited Office zero-day vulnerability

Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks ...
Infosecurity-magazine.com

Five Key Flaws Exploited in 2025's Major Software Supply Chain Incidents

The scale of Common Vulnerabilities and Exposures (CVE) reporting has grown exponentially during 2025, making it another record year in the domain. According to Jerry Gamblin, principal engineer at ...

CISA confirms active exploitation of four enterprise software bugs

The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities ...
Dark Reading

Disclosure Drama Clouds CrushFTP Vulnerability Exploitation

A critical CrushFTP vulnerability now under exploitation in the wild has become mired in controversy and confusion. On March 31, the Shadowserver Foundation reported that exploitation activity was ...
The Hacker News

Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex

Cisco fixes actively exploited CVE-2026-20045 zero-day enabling unauthenticated RCE in Unified CM and Webex; CISA sets Feb 11, 2026 deadline.
Security

Vulnerability management lessons from the JetBrains security incident

Recently, multiple vulnerabilities were discovered in JetBrains' TeamCity On-Premises software, which allowed remote attackers to bypass authentication checks and take over an affected server for ...
Infosecurity-magazine.com

SAP Fixes Critical Vulnerability After Evidence of Exploitation

German software company SAP has finally disclosed and fixed a highly critical vulnerability in the NetWeaver Visual Composer development server after evidence of exploitation in the wild. NetWeaver ...
Nature

Software Vulnerability Management and Economic Models

Software vulnerability management has emerged as a cornerstone of modern cybersecurity, combining technical strategies for identifying and patching vulnerabilities with sophisticated economic models ...