Security

A critical unpatched Apache Tomcat zero-day is under active attack. The flaw allows RCE via HTTP/2 multiplexing and has already hit telecom infrastructure.

A critical zero-day in Sophos firewalls is being actively exploited by ransomware groups, with no workaround yet available — admins must patch immediately.

Atlassian Confluence zero-day exploited in wild attacks. CISA warns of active exploitation, patch now.

CISA warns of active exploitation of a deserialization flaw in Trimble Cityworks, enabling remote code execution on critical infrastructure.

A critical zero-day vulnerability in VMware vCenter Server is under active exploitation, allowing attackers to gain complete control over virtualized environments.

Linux netfilter zero-day exploited in wild. Critical vulnerability allows remote code execution on affected Linux systems.

A critical zero-day in Cisco IOS XE is being actively exploited in the wild, allowing attackers full remote control of vulnerable switches and routers.

CISA adds a critical Linux kernel privilege escalation flaw to its Known Exploited Vulnerabilities catalog following active attacks.

Fortinet zero-day exploit leads to remote code execution in SSL VPN appliances, with active exploitation reported by CISA.

Mitel MiCollab zero-day CVE-2024-41713 actively exploited in March 2025. CISA adds to catalog. Urgent patch.

Apple released emergency fixes for a WebKit zero-day (CVE-2025-24201) exploited in the wild. Update iOS, macOS, and Safari immediately.

Apple's latest kernel zero-day exploit (CVE-2025-24201) is being exploited in the wild, targeting iOS and macOS devices. Urgent patching required.