Apache Commons Text: Code injection vulnerability in older versions

Apache Commons Text is used for processing character strings in Java apps. A critical vulnerability allows the injection of ...
InfoWorld

React2Shell is the Log4j moment for front end development

Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without ...

WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for ...
The Hacker News

WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability

WatchGuard fixed CVE-2025-14733, a critical Fireware OS VPN flaw with CVSS 9.3 that is actively exploited in the wild.
CSO Online

WatchGuard fixes ‘critical’ zero-day allowing firewall takeover

Because it was under attack before a patch was made available by WatchGuard on December 18, this makes CVE-2025-14733 a bona ...
Dark Reading

'Fake Proof' and AI Slop Hobble Defenders

In the React2Shell saga, nonworking and trivial proof-of-concept exploits led to a false sense of security. Can the onslaught ...
CNET

Download iOS 26.2 Now to Patch These Zero-Day Vulnerabilities on Your iPhone

Zach began writing for CNET in November, 2021 after writing for a broadcast news station in his hometown, Cincinnati, for five years. You can usually find him reading and drinking coffee or watching a ...