Underminr Abuse Disguises Malicious Traffic Behind Trusted Domains
Underminr is being actively abused to make malicious connections appear as if they are going to trusted domains, and 88 million domains are affected.
Read MoreVulnerability
Three Windows Zero-Days
Three Windows vulnerabilities have been recently discovered – BlueHammer, RedSun, and UnDefend.
Read MoreApple Fixes CVE-2026-20700 Zero-Day Across iOS and macOS Family
Apple has patched CVE-2026-20700, a memory corruption bug in dyld that was exploited in attacks. Install the latest updates across iOS, macOS and related platforms to patch.
Read MoreCritical Apex Central RCE Fixed in Build 7190
Trend Micro has patched a critical RCE vulnerability in Apex Central – plus two Denial-of-Service bugs. Update to Build 7190 as soon as possible.
Read MoreHashJack Indirect Prompt Injection Targets AI Browser Assistants
HashJack is a new indirect prompt injection technique that hides malicious instructions in URL fragments, so AI browser assistants – not the website – execute the attacker’s commands.
Read MoreUnpatched Gogs Zero-Day RCE (CVE-2025-8110) Actively Exploited
An unpatched Gogs zero-day (CVE-2025-8110) that bypasses a previous fix is being used to compromise more than 700 internet-exposed servers.
Read MoreCVSS 10.0 RCE in React Server Components
A 10.0 CVSS flaw in React and Next.js which allows remote code execution is actively exploited. Update as soon as possible.
Read MoreMicrosoft Teams Flaws Allowed Message Spoofing And Executive Impersonation
Four now-patched Microsoft Teams vulnerabilities let attackers spoof executives, edit messages without the edit tag, and forge caller identities.
Read MoreMicrosoft Patches 9.9-Rated ASP.NET Core Request-Smuggling Flaw
Microsoft fixed CVE-2025-55315, a Kestrel request-smuggling bug rated 9.9 (Critical). Updates for ASP.NET Core and Visual Studio are available; admins should patch and restart affected apps.
Read MoreCISA: Attacks Exploit Two N-able N-central Flaws; Patches Available
CISA added two actively exploited N-central flaws to the KEV catalog. N-able has released patches; admins using the software should update and enable MFA as soon as possible.
Read More