Bleeping Computer

Actively exploited Apache 0-day also allows remote code execution

Proof-of-Concept (PoC) exploits for the Apache web server zero-day surfaced on the internet revealing that the vulnerability is far more critical than originally disclosed. These exploits show that ...
Bleeping Computer

Latest Path Traversal news

Fortinet has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now being widely exploited. A Fortinet FortiWeb path traversal vulnerability is being ...
Hosted on MSN

Russia's RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks

Russia-linked attackers found and exploited a high-severity WinRAR vulnerability before the maintainers of the Windows file archiver issued a fix.… The bug, tracked as CVE-2025-8088, is a ...
CSOonline

Mitel MiCollab VoIP authentication bypass opens new attack paths

Researchers released a proof-of-concept exploit for a path traversal flaw in the enterprise VoIP suite that, coupled with an arbitrary file read issue, can give attackers access to protected files, ...