A PoC is out there, but there's no evidence of abuse yet.

ServiceNow tacked agentic AI onto a largely unguarded legacy chatbot, exposing customers' data and connected systems.

Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM ...

Fortinet has closed a critical FortiSIEM vulnerability. A proof-of-concept exploit increases the likelihood of attacks.

Cisco has patched an ISE vulnerability with public proof-of-concept exploit code that can be abused by attackers with admin ...

Cisco patched a critical exploit affecting some of its communication-based products. Designated as CVE-2026-20045, the vulnerability allows bad actors to run arbitrary commands on an affected device’s ...

JFrog this week published an analysis of a vulnerability in Redis databases that may be more serious than initially thought following the discovery of a ...

Flow published a post-incident report on January 6, 2026, discussing the root cause of its $3.9 million exploit. An attacker exploited a Cadence runtime type confusion vulnerability to forge tokens.

No reports of active exploitation … yet Cisco patched a bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products that allows remote attackers with admin-level ...

TL;DR: WinRAR has a critical security vulnerability (CVE-2025-6218) allowing remote code execution via directory traversal in Windows versions. This exploit risks sensitive data and system integrity.

Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs Your email has been sent Volt Typhoon, a Chinese state-sponsored hacking group, has been caught ...

Security experts are warning that ready-made code which exploits a recently announced Cisco Systems IOS operating system vulnerability is circulating and attacks using the exploit are taking place.