Latest cybersecurity reporting from selected sources.

Scans Count 117,000 Unpatched Firewalls Running Vulnerable Version of Fireware OSAttackers are actively attempting to exploit a now patched, zero-day vulnerability in WatchGuard Firebox firewalls, tracked as CVE-2025-14733, that can be used to remotely execute code. Scans show that over 115,000 of these edge devices remain internet-connected, unpatched and at risk.

2 More Vulnerabilities Need Patching in React Server Components, Warns VercelMass exploitation of the "React2Shell" - CVE-2025-55182 - vulnerability remains underway by nation-state hackers tied to China, North Korea and Iran, as well as financially motivated cybercriminals running everything from cryptomining malware to DDoS services, security experts warn.

Citrix Publishes Patches After Attackers Exploit Memory Overflow VulnerabilityNetScaler customers of virtualization giant Citrix once again should patch immediately to stymie the hackers exploiting a zero-day. Citrix warned Tuesday that hackers are using a memory overflow vulnerability now tracked as CVE-2025-7775. The vulnerability carries a CVSS score of 9.2.

RomCom Group Deployed SnipBot, RustyClaw and Mythic Agent VariantsA Russian speaking hacking group is exploiting a zero-day flaw in WinRAR, a sign of the group's growing sophistication and evolution from a cybercrime outfit into a cyberespionage operation. The campaign exploited a vulnerability now tracked as CVE-2025-8088, a path traversal vulnerability.

Ransomware Group Among Attackers Focused on Exploiting Citrix Netscaler FlawSecurity experts warn that attackers have ramped up their collective attempts to find and exploit Citrix NetScaler devices that remain unpatched. Cloud Security Group patched CVE-2025-5777, a flaw also known as "Citrix Bleed 2," nearly four weeks ago with a software update.

Unauthenticated Hackers Exploit CVE-2025-31324 to Upload WebshellsThreat actors are exploiting a zero-day flaw in a partially deprecated SAP tool still widely used by governments and businesses. On Friday, SAP's security division, Onapsis, disclosed that CVE-2025-31324 is "actively exploited in the wild."

Patch Urgency Increases as Code to Exploit CVE-2025-1974 Vulnerability PublishedScans reveal that thousands of Kubernetes clusters' Ingress Nginx Controller software remain internet-exposed, which experts said is bad practice. More importantly, the software needs updating to fix a critical vulnerability that can be remotely exploited to seize complete control of a cluster.

Microsoft Uncovered Flaw That Affects macOS System Integrity Protection FeatureApple patched a vulnerability that allows hackers to bypass a key security feature in macOS by through third-party kernel extensions. Microsoft researchers uncovered the flaw tracked as CVE-2024-44243. The flaw could enable hackers to install rootkits and create malware with privileged access.

Embedded Device Operating Sytem Had Flaw Allowing Hacers to Bypass Integrity CheckA critical flaw in the updating service of a popular Linux operating system for embedded devices could enable hackers to compromise firmware with malicious images. OpenWrt developers patched the vulnerability, with a CVSS core of 9.3 and tracked as CVE-2024-54143.

SQL Injection Flaw Affects All Supported Versions of Ivanti Endpoint ManagerIvanti issued an urgent alert to users of its endpoint security product to patch a critical vulnerability that exposes systems to potential exploitation by unauthorized attackers. The SQL injection vulnerability tracked as CVE-2023-39336 is in all supported versions of Ivanti Endpoint Manager.