MITRE shares 2025's top 25 most dangerous software weaknesses
MITRE has shared this year's top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. [...]
Stay informed on the latest in security disclosure practices. Keep your data safe with insights and updates on the newest disclosure trends in cybersecurity.
Search across headline titles and summaries.
Background for this topic.
Disclosure in information security means sharing details about vulnerabilities, breaches, or security incidents. This can be done privately with affected parties, coordinated to allow fixes before public release, or fully public, sometimes before patches exist. The method chosen affects how quickly risks are mitigated and how much attackers might exploit the information.
Proper disclosure helps organizations prioritize patching and reduces the window attackers have to exploit flaws. Poorly timed or incomplete disclosure can expose systems to increased risk, while transparent, coordinated disclosure supports effective vulnerability management and trust between researchers and defenders. Understanding disclosure practices is essential for assessing the urgency and reliability of security news.
MITRE has shared this year's top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. [...]
Wiz disclosed a still-unpatched vulnerability in self-hosted Git service Gogs, which is a bypass for a previous RCE bug disclosed last year.
Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) purposes
Three security vulnerabilities have been disclosed in the Peripheral Component Interconnect Express (PCIe) Integrity and Data Encryption (IDE) protocol specification that could expose a local attacker to serious risks
Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities.
Microsoft's December 2025 Patch Tuesday fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. [...]
Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical security React2Shell flaw in React Server Components (RSC) to deliver a previously undocumented remote access trojan dubbed EtherRAT
American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely. [...]
Attacks against CVE-2025-55182, which began almost immediately after public disclosure last week, have increased as more threat actors take advantage of the flaw.
Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher, as another upgraded version of ClayRat has been spotted in the wild