The Hacker News

Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation

Microsoft released out-of-band patches for an actively exploited Microsoft Office zero-day, CVE-2026-21509, a security ...
TechSpot

Critical vulnerability in file transfer software Moveit could result in a new security disaster

Facepalm: Progress Software disclosed a new critical vulnerability in its popular managed file transfer tool Moveit. The disclosure comes almost exactly a year after a similar incident put thousands ...

Microsoft patches actively exploited Office zero-day vulnerability

Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks ...

CISA confirms active exploitation of four enterprise software bugs

The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities ...
Infosecurity-magazine.com

Five Key Flaws Exploited in 2025's Major Software Supply Chain Incidents

The scale of Common Vulnerabilities and Exposures (CVE) reporting has grown exponentially during 2025, making it another record year in the domain. According to Jerry Gamblin, principal engineer at ...
Guru3D.com

Samsung Confirms Active Exploitation of High-Severity Vulnerability in SSD Magician Software

Samsung has issued a security warning confirming a serious vulnerability in its Samsung Magician SSD management software that is actively being exploited. The flaw affects Samsung Magician versions ...

Patched WinRAR vulnerability remains a favorite tool for hackers and spies

The WinRAR vulnerability tracked as CVE-2025-8088 was discovered and patched in July 2025, but the popular file archiver continues to suffer from its fallout. According to ...
techtimes

Apple and Microsoft Software Increasingly Targeted by Hackers, Report Finds

Apple's macOS and iOS are reportedly being targeted more by threat actors this year than last year. A new cybersecurity report found that Microsoft Office and other software are also being exploited ...
Security

Vulnerability management lessons from the JetBrains security incident

Recently, multiple vulnerabilities were discovered in JetBrains' TeamCity On-Premises software, which allowed remote attackers to bypass authentication checks and take over an affected server for ...
The Hacker News

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco released fixes for CVE-2025-20393, a CVSS 10.0 zero-day RCE flaw in AsyncOS exploited by a China-linked APT via email security appliances.
Infosecurity-magazine.com

SAP Fixes Critical Vulnerability After Evidence of Exploitation

German software company SAP has finally disclosed and fixed a highly critical vulnerability in the NetWeaver Visual Composer development server after evidence of exploitation in the wild. NetWeaver ...
Nature

Software Vulnerability Management and Economic Models

Software vulnerability management has emerged as a cornerstone of modern cybersecurity, combining technical strategies for identifying and patching vulnerabilities with sophisticated economic models ...