CISA added FileZen CVE-2026-25108 (CVSS 8.7) to its KEV catalog after active exploitation, affecting versions 4.2.1–4.2.8 and 5.0.0–5.0.10.

Broadcom released various patches to tackle vulnerabilities concerning its multi-cloud management platform, Aria.

Taiwan networking provider Zyxel has released security updates to address a critical vulnerability affecting over a dozen router models that can allow unauthenticated attackers to gain remote command ...

A command injection flaw in the Windows Notepad App now gives remote attackers a path to execute code over a network, turning ...

Two other flaws were patched by the virtualization vendor, impacting Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure as well.

Researchers have detected attacks that compromised Bomgar appliances, many of which have reached end of life, creating problems for enterprises seeking to patch.

Update: In a statement to ZDNet, Fortinet criticized Rapid7 for releasing the study and said a patch would be released by the end of the month. "The security of our customers is always our first ...

Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through ...

Cisco is warning of a critical security vulnerability found in its Unified industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) access points that could allow an ...

Chinese state-sponsored hackers exploited flaws in Ivanti’s VPN software to breach at least 119 organizations, including the ...