Cyber News & Updates
Breaking news, security alerts, and trending stories from across the cybersecurity landscape.
-
GenWar Lab: Johns Hopkins APL’s Generative AI for Military Wargaming—Strategic Risks and the AI Validation Challenge
Johns Hopkins Applied Physics Laboratory is launching the GenWar Lab in 2026 to accelerate military wargaming using generative AI. The facility will embed LLMs into tabletop exercises to generate AI…
·
·
7–11 minutes -
SmarterTools SmarterMail CVE-2025-52691: Unauthenticated Arbitrary File Upload Enables Remote Code Execution on Email Gateways
SmarterTools SmarterMail CVE-2025-52691 (CVSS 10.0) allows unauthenticated attackers to upload arbitrary files to mail servers without authentication, enabling immediate remote code execution. Affects Build 9406 and earlier; patched in Build…
·
·
11–16 minutes -
IBM API Connect CVE-2025-13915: Critical Authentication Bypass Affecting Enterprise API Gateways at Major Financial and Telecom Organizations
IBM API Connect (CVSS 9.8) authentication bypass allows remote attackers to completely bypass login mechanisms and gain unauthorized access to centralized API gateways serving banks, airlines, and telecommunications companies. Affects…
·
·
12–19 minutes -
n8n CVE-2025-68613: Expression Injection Enables Arbitrary Code Execution on 103,476 Workflow Automation Instances
A critical expression injection vulnerability in n8n workflow automation platform (CVSS 9.9) allows authenticated attackers to execute arbitrary code with process privileges. 103,476 exposed instances identified globally, with rapid patching…
·
·
11–16 minutes -
WatchGuard Fireware CVE-2025-14733: Out-of-Bounds Write in iked Enables Unauthenticated RCE on 117,490+ Exposed Firewalls
A critical out-of-bounds write vulnerability in WatchGuard Fireware OS allows unauthenticated remote attackers to execute arbitrary code on perimeter devices via malicious IKEv2 packets. 117,490 exposed instances globally, 35,600+ in…
·
·
11–16 minutes -
RondoDox Botnet Exploits React2Shell CVSS 10.0 to Hijack 90,300+ IoT Devices and Web Servers
A sophisticated botnet campaign spanning nine months has targeted IoT devices and web applications worldwide, exploiting React2Shell CVE-2025-55182 (CVSS 10.0) as its primary initial access vector since December 2025. With…
·
·
8–12 minutes -
Fortinet FortiOS CVE-2020-12812: Five-Year-Old 2FA Bypass Affecting 9,700+ Exposed Firewalls Under Active Exploitation
A five-year-old 2FA bypass vulnerability in Fortinet FortiOS continues to plague enterprise perimeter security. Over 9,700 unpatched FortiGate instances remain exposed globally as of January 2026, with active exploitation confirmed.…
·
·
7–11 minutes -
MongoDB MongoBleed CVE-2025-14847: Unauthenticated Memory Leak Under Active Exploitation
A critical pre-authentication memory disclosure vulnerability in MongoDB allows attackers to leak heap memory without credentials. With 87,000+ vulnerable instances globally and active exploitation confirmed, CISA has mandated patches for…
·
·
3–5 minutes -
India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse
India’s Department of Telecommunications has issued a new directive for messaging apps, mandating they only work with active SIM cards linked to the user’s mobile number. This aims to combat…
·
·
2–4 minutes -
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
The GlassWorm supply chain campaign has resurfaced, infiltrating the Microsoft Visual Studio Marketplace and Open VSX with 24 malicious extensions. These extensions impersonate popular developer tools and frameworks, stealing credentials…
·
·
1–2 minutes
