SecurityWeek

CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries

The CISA KEV catalog was expanded with 245 vulnerabilities in 2025, including 24 flaws exploited by ransomware groups.

Trump admin sends heart emoji to commercial spyware makers with lifted Predator sanctions

Predator has remained available through the Intellexa spyware consortium despite US sanctions imposed in 2024 on ...
CSO Online

Patch Tuesday 2025 roundup: The biggest Microsoft vulnerabilities of the year

Every day has the potential to be a bad day for a CSO. However, the second Tuesday of each month – Patch Tuesday – is almost ...
DMR News

GreyNoise Flags Holiday Exploitation Campaign Targeting Adobe ColdFusion Servers

Security researchers at GreyNoise have reported a coordinated exploitation campaign targeting Adobe ColdFusion servers, with ...

This SmarterMail vulnerability allows remote code execution - here's what we know

Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to ...

RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...
SecurityWeek

RondoDox Botnet Exploiting React2Shell Vulnerability

December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.