Microsoft has started releasing updates to fix the exploited SharePoint zero-days tracked as CVE-2025-53770 and CVE-2025-53771.
The post Microsoft Patches ‘ToolShell’ Zero-Days Exploited to Hack SharePoint Servers appeared first on SecurityWeek.
Exploited CrushFTP Zero-Day Provides Admin Access to Servers
Hackers are exploiting a zero-day vulnerability in CrushFTP to gain administrative privileges on vulnerable servers via HTTPS.
The post Exploited CrushFTP Zero-Day Provides Admin Access to Servers appeared first on SecurityWeek.
Fortinet FortiWeb Flaw Exploited in the Wild After PoC Publication
Dozens of FortiWeb instances have been hacked after PoC targeting a recent critical vulnerability was shared publicly.
The post Fortinet FortiWeb Flaw Exploited in the Wild After PoC Publication appeared first on SecurityWeek.
CitrixBleed 2: 100 Organizations Hacked, Thousands of Instances Still Vulnerable
The CitrixBleed 2 vulnerability in NetScaler may expose organizations to compromise even if patches have been applied.
The post CitrixBleed 2: 100 Organizations Hacked, Thousands of Instances Still Vulnerable appeared first on SecurityWeek.
Chrome Update Patches Fifth Zero-Day of 2025
Google has released a Chrome 138 security update that patches a zero-day, the fifth resolved in the browser this year.
The post Chrome Update Patches Fifth Zero-Day of 2025 appeared first on SecurityWeek.
CitrixBleed 2 Flaw Poses Unacceptable Risk: CISA
CISA considers the recently disclosed CitrixBleed 2 vulnerability an unacceptable risk and has added it to the KEV catalog.
The post CitrixBleed 2 Flaw Poses Unacceptable Risk: CISA appeared first on SecurityWeek.
Critical Wing FTP Server Vulnerability Exploited
Wing FTP Server vulnerability CVE-2025-47812 can be exploited for arbitrary command execution with root or system privileges.
The post Critical Wing FTP Server Vulnerability Exploited appeared first on SecurityWeek.
CISA Warns of Two Exploited TeleMessage Vulnerabilities
CISA says two more vulnerabilities in the messaging application TeleMessage TM SGNL have been exploited in the wild.
The post CISA Warns of Two Exploited TeleMessage Vulnerabilities appeared first on SecurityWeek.
Thousands of Citrix NetScaler Instances Unpatched Against Exploited Vulnerabilities
Many Citrix NetScaler systems are exposed to attacks exploiting the vulnerabilities tracked as CVE-2025-5777 and CVE-2025-6543.
The post Thousands of Citrix NetScaler Instances Unpatched Against Exploited Vulnerabilities appeared first on SecurityWeek.
Chrome 138 Update Patches Zero-Day Vulnerability
Google has released a Chrome 138 update that patches a high-severity vulnerability with an exploit in the wild.
The post Chrome 138 Update Patches Zero-Day Vulnerability appeared first on SecurityWeek.
