The article details a series of vulnerabilities found in the FortiSIEM appliance, culminating in CVE-2025-64155. It describes how these issues enable remote code execution and privilege escalation, showcasing the exploitation process that leads to full system compromise. The timeline of reporting and patching efforts by Fortinet is also outlined.

Researchers revealed a serious security flaw in Docker's Ask Gordon AI that allowed attackers to execute code and steal sensitive data. The vulnerability, called DockerDash, exploited unverified metadata in Docker images, which the AI treated as executable commands. Docker has fixed the issue in version 4.50.0.

The CISA has reported that a vulnerability in Control Web Panel (CWP) is being actively exploited by attackers. An estimated 150,000 internet-exposed CWP instances are at risk, prompting federal agencies to address this issue by November 25.

A serious vulnerability in React, identified as CVE-2025-55182, allows remote code execution by unauthenticated attackers. It affects multiple versions of React and related frameworks like Next.js, prompting security firms to issue patches and warnings of imminent exploitation.

This article details a serious security vulnerability in Fortinet's FortiWeb that allows attackers to impersonate users, including administrators, through a path traversal and authentication bypass exploit. The vulnerability, identified as CVE-2025-64446, enables unauthorized access to administrative functions, potentially compromising the affected systems.

GhostKatz extracts LSASS credentials from physical memory using vulnerable signed drivers. Developed by Julian Peña and Eric Esquivel, it allows users to exploit known driver vulnerabilities for credential dumping. The tool is modular, enabling research on additional drivers.

The article details a serious vulnerability in AWS ROSA Classic Clusters that allowed unauthenticated attackers to take control of clusters and access underlying AWS accounts. The exploit involved manipulating cluster transfer requests without proper authorization checks, enabling mass compromises. The author outlines the discovery, mechanics, and potential impacts of the attack.

This article details the process of finding and exploiting a vulnerability in the IN-8401 2K+ IP camera. The author describes steps from firmware extraction to building an ARM ROP chain for unauthenticated remote code execution. It highlights the importance of proper debugging and analysis methods in discovering security flaws.

A serious security vulnerability in older D-Link DSL gateway routers allows attackers to execute commands remotely through the "dnscfg.cgi" endpoint. The flaw affects several models, which are no longer supported, and can lead to DNS hijacking and ongoing security risks for users. Device owners should upgrade to newer models to mitigate these threats.

This article details the GatewayToHeaven vulnerability in Google Cloud's Apigee, allowing attackers to access cross-tenant logs and data. It explains how to exploit Apigee's architecture to escalate privileges and potentially impersonate users by retrieving sensitive data.

The article details the rapid exploitation attempts of the React2Shell vulnerability (CVE-2025-55182) following its disclosure on December 3, 2025. Threat actors quickly utilized various tools to scan for and exploit vulnerable React Server Components across multiple regions, targeting significant organizations and critical infrastructure. It also mentions two other related vulnerabilities and Cloudflare's response to mitigate these risks.

This article outlines a local privilege escalation vulnerability in Synology DSM 7.3.2 that allows authenticated users to gain root access when DownloadStation with BitTorrent is enabled. The exploit involves three misconfigurations: a world-writable socket, a world-writable directory, and a missing mount flag. The author details how to exploit these issues to achieve full system compromise.

This article discusses the CVE-2025-62507 vulnerability in Redis, which allows for remote code execution through a stack buffer overflow triggered by the XACKDEL command. The authors analyze how the vulnerability can be exploited and provide a proof of concept to demonstrate the risk.

The React2Shell vulnerability allows unauthenticated remote code execution in React Server Components, posing a significant risk for affected applications. Organizations using vulnerable versions must patch immediately to prevent exploitation. Runtime detection and WAF rules can offer temporary protection, but fixing the code is essential.

CrushFTP announced a critical vulnerability (CVE-2025-54309) that allows remote attackers to gain admin access via HTTPS, affecting numerous instances of its file transfer server. Despite the potential for exploitation, the vendor's messaging seemed dismissive, placing blame on users for not patching systems that were silently updated. The article also details the authors' investigation into the exploitation of this vulnerability using their proprietary honeypot technology.

A critical vulnerability in Microsoft's SharePoint, tracked as CVE-2025-53770, is being actively exploited, allowing unauthenticated remote code execution on affected servers. The vulnerability has led to significant incidents, including breaches in multiple organizations, with estimates of compromised systems rising to 400. Government and private sectors are currently grappling with the fallout from this mass exploitation.

The article discusses the exploitation of CVE-2025-37947 in ksmbd, focusing on the challenges and methodologies used to achieve local privilege escalation. It details the vulnerability's root cause, the proof of concept implementation, and the kernel memory allocation intricacies that enable the exploit. The author emphasizes the importance of understanding memory management for effective exploitation.

Researchers exploited a vulnerability in CodeRabbit, an AI code review tool, allowing them to achieve remote code execution (RCE) and gain read/write access to 1 million repositories. The exploitation involved creating a malicious pull request that leveraged a flaw in the integration of external static analysis tools, leading to the leakage of sensitive API tokens and secrets. CodeRabbit quickly remediated the vulnerabilities after disclosure, enhancing their security measures in response.

A security engagement revealed an HTML to PDF converter API that allowed for local file access and remote code execution due to vulnerabilities in a .NET renderer using an outdated Chromium version. The authors successfully exploited a known vulnerability in Chromium 62, demonstrating the importance of manual penetration testing in uncovering overlooked security issues.

A vulnerability on the American Archive of Public Broadcasting's website allowed unauthorized access to protected media for years before being patched this month. The flaw, which had been exploited since at least 2021, involved a simple script that bypassed access controls, leading to concerns about the sharing of private content within data hoarding communities on Discord. AAPB has since confirmed the fix and reinforced its commitment to protecting archival materials.

A critical vulnerability in the Windows NTFS file system, identified as CVE-2025-49689, allows for exploitation through specially crafted virtual disks (VHD). This vulnerability leads to multiple memory corruptions due to insufficient checks on integer overflow, facilitating potential escalation of privileges for attackers using malicious virtual disks in phishing attempts.