Bleeping Computer

Hacker selling critical Roundcube webmail exploit as tech info disclosed

Hackers are likely starting to exploit CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. The security issue has been ...
VentureBeat

MCP stacks have a 92% exploit probability: How 10 plugins became enterprise security's biggest blind spot

The same connectivity that made Anthropic's Model Context Protocol (MCP) the fastest-adopted AI integration standard in 2025 has created enterprise cybersecurity's most dangerous blind spot. The ...
Bleeping Computer

Exploit for Veeam Recovery Orchestrator auth bypass available, patch now

A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in ...
Ars Technica

Commercial spyware vendor exploits used by Kremlin-backed hackers, Google says

Critics of spyware and exploit sellers have long warned that the advanced hacking sold by commercial surveillance vendors (CSVs) represents a worldwide danger because they inevitably find their way ...
Infosecurity-magazine.com

Fake PoC Exploit Targets Security Researchers with Infostealer

Threat actors have created a fake proof-of-concept (PoC) exploit for a critical Microsoft vulnerability, designed to lure security researchers into downloading and executing information-stealing ...
Arizona Daily Sun

US warns hackers using F5 devices to target networks

WASHINGTON — U.S. government officials said on Wednesday that federal networks are being targeted by an unidentified "nation-state cyber threat actor" that's trying to exploit vulnerabilities in ...