More details emerged on the ToolShell zero-day attacks targeting SharePoint servers, but confusion remains over the vulnerabilities.
The post ToolShell Zero-Day Attacks on SharePoint: First Wave Linked to China, Hit High-Value Targets appeared first on SecurityWeek.
Microsoft has started releasing updates to fix the exploited SharePoint zero-days tracked as CVE-2025-53770 and CVE-2025-53771.
The post Microsoft Patches ‘ToolShell’ Zero-Days Exploited to Hack SharePoint Servers appeared first on SecurityWeek.
Hackers are exploiting a zero-day vulnerability in CrushFTP to gain administrative privileges on vulnerable servers via HTTPS.
The post Exploited CrushFTP Zero-Day Provides Admin Access to Servers appeared first on SecurityWeek.
Dozens of FortiWeb instances have been hacked after PoC targeting a recent critical vulnerability was shared publicly.
The post Fortinet FortiWeb Flaw Exploited in the Wild After PoC Publication appeared first on SecurityWeek.
The CitrixBleed 2 vulnerability in NetScaler may expose organizations to compromise even if patches have been applied.
The post CitrixBleed 2: 100 Organizations Hacked, Thousands of Instances Still Vulnerable appeared first on SecurityWeek.
Google has released a Chrome 138 security update that patches a zero-day, the fifth resolved in the browser this year.
The post Chrome Update Patches Fifth Zero-Day of 2025 appeared first on SecurityWeek.
CISA considers the recently disclosed CitrixBleed 2 vulnerability an unacceptable risk and has added it to the KEV catalog.
The post CitrixBleed 2 Flaw Poses Unacceptable Risk: CISA appeared first on SecurityWeek.
Wing FTP Server vulnerability CVE-2025-47812 can be exploited for arbitrary command execution with root or system privileges.
The post Critical Wing FTP Server Vulnerability Exploited appeared first on SecurityWeek.
CISA says two more vulnerabilities in the messaging application TeleMessage TM SGNL have been exploited in the wild.
The post CISA Warns of Two Exploited TeleMessage Vulnerabilities appeared first on SecurityWeek.
Many Citrix NetScaler systems are exposed to attacks exploiting the vulnerabilities tracked as CVE-2025-5777 and CVE-2025-6543.
The post Thousands of Citrix NetScaler Instances Unpatched Against Exploited Vulnerabilities appeared first on SecurityWeek.
