CVE

Official tag for Common Vulnerabilities and Exposures

Zero-Day

Microsoft January 2026 Patch Tuesday Fixes 112 Flaws, Including Actively Exploited Windows Zero-Day

Jan 14, 2026 • 5 min read

CVE-2026-20805 leaks sensitive memory information

AI Vulnerability

Threat Actors Probe Misconfigured Proxies to Access LLM APIs, GreyNoise Warns

Jan 12, 2026 • 5 min read

GreyNoise observed over 91,000 attack sessions targeting proxy misconfigurations

Hardware

Unpatched Totolink EX200 Flaw Enables Full Device Takeover via Hidden Telnet Service

Jan 8, 2026 • 5 min read

Attackers can fully control and pivot from the extender

Software Vulnerabilities

Coordinated Holiday Campaign Targets Adobe ColdFusion Servers Worldwide

Jan 3, 2026 • 5 min read

GreyNoise observed a coordinated ColdFusion exploitation campaign

Software Vulnerabilities

Critical IBM API Connect Flaw Enables Authentication Bypass and Remote Access

Jan 1, 2026 • 5 min read

CVSS score of 9.8 indicates near-maximum severity

CVE

Critical SmarterMail Flaw Enables Unauthenticated Remote Code Execution

Dec 30, 2025 • 5 min read

SmarterMail flaw rated CVSS 10.0

Software Vulnerabilities

MongoDB High-Severity Flaw Enables Unauthenticated Memory Disclosure

Dec 27, 2025 • 5 min read

Affects MongoDB versions from 3.6 through 8.2

Zero-Day

WatchGuard Fireware OS Zero-Day Exploited in the Wild Targets IKEv2 VPN Configurations

Dec 21, 2025 • 5 min read

WatchGuard disclosed active exploitation of CVE-2025-14733

Software Vulnerabilities

Docker Opens 1,000+ Hardened Container Images to Developers

Dec 20, 2025 • 5 min read

Images are continuously scanned and designed to minimize CVEs

Hardware

Motherboard Firmware Flaw Enables Early-Boot Attacks via Malicious PCIe Devices

Dec 18, 2025 • 5 min read

UEFI firmware flaw affects major motherboard vendors

Zero-Day

Cisco Zero-Day Exploited in the Wild by China-Linked Threat Group

Dec 18, 2025 • 5 min read

No patch or workaround is currently available

Software Vulnerabilities

JumpCloud Remote Assist Flaw Enables Local Privilege Escalation on Windows

Dec 16, 2025 • 5 min read

Tracked as CVE-2025-34352 with CVSS 8.5

Software Vulnerabilities

Atlassian Patches Critical Third-Party Vulnerabilities Across Core Products

Dec 15, 2025 • 5 min read

Atlassian patched ~30 third-party vulnerabilities in December 2025

CVE

CISA Flags Actively Exploited Sierra Wireless Router Flaw in Critical Infrastructure Environments

Dec 14, 2025 • 5 min read

Commonly targeted in operational technology environments

Software Vulnerabilities

Actively Exploited Gogs Zero-Day Enables Widespread Server Compromise

Dec 14, 2025 • 5 min read

More than 700 compromised instances identified online

Zero-Day

Apple Patches Two Actively Exploited WebKit Zero-Days Across Its Entire Ecosystem

Dec 13, 2025 • 5 min read

All iOS browsers are affected due to WebKit requirements

Software Vulnerabilities

CISA Warns of Active Exploitation of Critical GeoServer XXE Vulnerability

Dec 13, 2025 • 5 min read

Third GeoServer vulnerability exploited this year

Hardware

PCIe IDE Vulnerabilities Trigger Industry-Wide Hardware Review

Dec 10, 2025 • 5 min read

Three PCIe IDE vulnerabilities affect data integrity and encryption mechanisms

WordPress

CVE-2025-6389: Critical WordPress Plugin Flaw Under Active Attack

Dec 8, 2025 • 5 min read

Over 131,000 Attacks Target New WordPress Sneeit Framework Zero-Day

AI Vulnerability

IDEsaster: 30+ Vulnerabilities Expose AI IDEs to Data Theft and Code Execution

Dec 7, 2025 • 5 min read

30+ vulnerabilities discovered in AI-powered IDEs

Android

Android Zero-Days Exploited in Targeted Attacks

Dec 6, 2025 • 5 min read

Google patches two actively exploited Android zero-days

Software Vulnerabilities

Cloudflare Outage Linked to Emergency React2Shell Mitigations

Dec 5, 2025 • 5 min read

Organizations urged to patch React environments immediately

Software Vulnerabilities

React2Shell: Critical React Vulnerability Already Under Active Exploitation

Dec 5, 2025 • 5 min read

React 19 servers using a recently introduced server feature are directly exposed

© 2026 The Cyber Syrup.