This SmarterMail vulnerability allows Remote Code Execution - here's what we know

Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to ...

RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...
Network World

HPE OneView vulnerable to remote code execution attack

An unauthenticated user can execute the attack, and there’s no mitigation, just a hotfix that should be applied immediately.
Security Boulevard

Best of 2025: LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49112

SafeBreach researchers developed a zero-click PoC exploit that crashes unpatched Windows Servers using the Windows ...

Cyata flags agentic AI supply-chain risk in Cursor remote code execution bug

A new report out today from artificial intelligence security startup Cyata Security Ltd. details a critical remote code ...
InfoWorld

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...

Another bad week for SonicWall as SMA 1000 zero-day under active exploit

SonicWall's advisory says the vulnerability has been chained with another SMA 1000 flaw patched earlier this year ...

WatchGuard sounds alarm as critical Firebox flaw comes under active attack

WatchGuard is in emergency patch mode after confirming that a critical remote code execution flaw in its Firebox firewalls is ...
CSO Online

WatchGuard fixes ‘critical’ zero-day allowing firewall takeover

Because it was under attack before a patch was made available by WatchGuard on December 18, this makes CVE-2025-14733 a bona ...
Dark Reading

Threat Actors Exploit Zero-Day in WatchGuard Firebox Devices

With attacks on the critical firewall vulnerability, WatchGuard joins a list of edge device vendors whose products have been ...
Security Boulevard

Denial-of-Service and Source Code Exposure in React Server Components

In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...