SecurityWeek

Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day

A recently patched Oracle Identity Manager vulnerability tracked as CVE-2025-61757 may have been exploited as a zero-day.
Opinion

Why every CISO should demand a comprehensive Software Bill of Materials (SBOM)

A SBOM must be treated as a living document, updated with every code change, new release, or patch. Threat actors won't conveniently wait for your next quarterly review cycle to exploit an “invisible” ...
Ars Technica

Critical CitrixBleed 2 vulnerability has been under active exploit for weeks

A critical vulnerability allowing hackers to bypass multifactor authentication in network management devices made by Citrix has been actively exploited for more than a month, researchers said. The ...
Ars Technica

FortiGate admins report active exploitation 0-day. Vendor isn’t talking.

Fortinet, a maker of network security software, has kept a critical vulnerability under wraps for more than a week amid reports that attackers are using it to execute malicious code on servers used by ...
CRN

How SonicWall Put MSPs ‘In A Good Position’ Amid Critical Vulnerability Threat

Early communication from the security vendor about a recent critical-severity firewall vulnerability is an approach that partners want to see more of from the industry, an MSP executive tells CRN. The ...
Hosted on MSN

Hackers are exploiting a critical RCE Flaw in a popular FTP server — here's what you need to know

Hackers launched attacks just one day after the flaw’s full technical write-up was made public Many servers stayed vulnerable for weeks despite a fix being released long before the disclosure Null ...