CSO Online

Vulnerability prioritization beyond the CVSS number

A vulnerability in a tightly isolated sandbox may score a 9.8 but never affect anything else. Meanwhile, a 5.2 in a single ...
CoinTelegraph

Flow advances recovery plan, raises exchange concerns after $3.9M exploit

The plan to address a multimillion-dollar exploit continued with "phase two progress" on EVM after it scrapped a plan to roll back the blockchain. The Flow Foundation is continuing to implement a ...
Bleeping Computer

RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. First documented by Fortinet in July ...
CSO Online

For application security: SCA, SAST, DAST and MAST. What next?

If you think SAST and SCA are enough, you’re already behind. The future of app security is posture, provenance and proof, not ...
The New York Times

How Russia’s War Machine Brutalizes and Exploits Its Own Soldiers

In hundreds of official complaints, inadvertently posted online by the Russian government, soldiers and their loved ones describe a lawless and violent military apparatus that abuses its own troops to ...
Bleeping Computer

Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed

A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited in the wild, with over 80,000 potentially vulnerable servers exposed on the ...
Fox News

Apple patches two zero-day flaws used in targeted attacks

Apple has released emergency security updates to fix two zero-day vulnerabilities that attackers actively exploited in highly targeted attacks. The company described the activity as an "extremely ...