17 – 23 Nov 2025 On Monday Google released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild. Our CVE of the Week is about CVE-2025-13223 vulnerability with a CVSS score of …

10 – 16 Nov 2025 Mandiant has confirmed that threat actors are actively exploiting a critical flaw (CVE-2025-12480) in Triofox by Gladinet — a remote access and file-sharing platform.The vulnerability allows authentication bypass, letting attackers create admin accounts and execute arbitrary code by abusing the …

03 – 09 Nov 2025 Our CVE of the Week, CVE-2025-62156, is about Argo Workflows, which is an open source container-native workflow engine for orchestrating complex, parallel jobs on Kubernetes. Critical flaw has been found in versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 …

27 Oct – 02 Nov 2025 Critical flaw has been found in UniFi® Access application, which leaves its management API exposed with no authentication required. The UniFi® Access Application is part of Ubiquiti’s platform designed for modern, managed door access control. It is used in …

20 – 26 Oct 2025 The next star of our #CVE of the Week series is CVE-2025-33073, an improper authorization flaw in Microsoft’s SMB implementation. As you might have noticed from its ID number, this is not a freshly discovered one, but it still deserves …

13 – 19 Oct 2025 This week’s CVE of The Week is about a remote code vulnerability in Windows Server Update Service (WSUS): CVE-2025-59287. The Windows Server Update Service provides a way for IT administrators to deploy the latest Microsoft product updates. They can use …

06 – 12 Oct 2025 A critical use-after-free vulnerability has surfaced in Redis — lurking in the codebase for over a decade. Dubbed RediShell, this CVSS 10.0 flaw lets attackers craft malicious Lua scripts to hijack memory and potentially execute remote code, reminding us that …

29 Sept – 05 Oct 2025 This week’s CVE of the Week highlights a critical zero-day in Cisco ASA and Secure Firewall appliances: CVE-2025-20333 (CVSS 9.9). For organizations relying on Cisco ASA, this is more than a patching exercise — it’s a battle for the …

22 – 28 Sept 2025 SolarWinds Web Help Desk (WHD) is a comprehensive help desk and ticketing solution designed for medium to large organizations. It supports IT support request tracking, workflow automation, asset management, and compliance monitoring in enterprise environments. Our current CVE of the …

15 – 21 Sept 2025 What is chaos engineering? No, with this week’s CVE of the Week post, we do not want to dominate the world. Chaos engineering is a proactive testing approach to intentionally introduce failures and errors into systems to investigate their resiliency …