QNAP patched two dozen vulnerabilities across its product portfolio, including 7 flaws demonstrated at Pwn2Own Ireland 2025.

This critical (CVSS 10.0) use-after-free (UAF) vulnerability in Lua scripting could allow authenticated attackers to execute ...

Apple's iPhone has failed the security smell test. Researchers at Security Evaluators have found what is believed to be the first remote code execution flaw affecting the device -- a bug that can be ...

New Android spyware named Landfall delivered to Samsung device owners through the exploitation of a zero-day tracked as CVE-2025-21042.

Windows Server 2025 is currently vulnerable to a Remote Code Execution exploit and a patch for the issue doesn't seem to be ...

Update: Microsoft acknowledged PrintNightmare as a zero-day that has been affecting all Windows versions since before June 2021 security updates. Technical details and a proof-of-concept (PoC) exploit ...

Critical remote code execution flaw in Windows Server is being exploited in the wild, despite previous updates ...

Researchers found four vulnerabilities in vRealize Log Insight that were relatively non-threatening on their own but lead to significant compromise when used together. VMware published patches last ...

Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several Zoho ManageEngine products. Tracked ...

A critical code execution zero-day in all supported versions of Windows has been under active exploit for seven weeks, giving attackers a reliable means for installing malware without triggering ...

What just happened? Being able to invade another player's game is one of the Dark Souls series' defining characteristics, but it seems this feature can be used for some very nefarious purposes.