Bleeping Computer

Actively exploited Apache 0-day also allows remote code execution

Proof-of-Concept (PoC) exploits for the Apache web server zero-day surfaced on the internet revealing that the vulnerability is far more critical than originally disclosed. These exploits show that ...
SecurityWeek

Critical Vulnerability Patched in jsPDF

A jsPDF vulnerability tracked as CVE-2025-68428 could allow attackers to read arbitrary files, exposing configurations and ...
Bleeping Computer

Latest Path Traversal news

Fortinet has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now being widely exploited. A Fortinet FortiWeb path traversal vulnerability is being ...
Hosted on MSN

Russia's RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks

Russia-linked attackers found and exploited a high-severity WinRAR vulnerability before the maintainers of the Windows file archiver issued a fix.… The bug, tracked as CVE-2025-8088, is a ...