Infosecurity Magazine

Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure

VulnCheck analysts found that vulnerabilities exploited before being publicly disclosed rose from 23.6% in 2024 to 28.96% in 2025 ...
Ars Technica

Critical WordPress plugin vulnerability under active exploit threatens thousands

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...
WeLiveSecurity

Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe

As many as 97 out of the 138 vulnerabilities disclosed as actively exploited in the wild in 2023 were zero-days, according to a report from Mandiant. The rest of the software flaws under review were ...
WeLiveSecurity

RomCom exploits Firefox and Windows zero days in the wild

ESET researchers discovered a previously unknown vulnerability in Mozilla products, exploited in the wild by Russia-aligned group RomCom. This is at least the second time that RomCom has been caught ...
Infosecurity-magazine.com

Vulnerability Exploit Assessment Tool EPSS Exposed to Adversarial Attack

In a new proof-of-concept, endpoint security provider Morphisec showed that the Exploit Prediction Scoring System (EPSS), one of the most widely used frameworks for assessing vulnerability exploits, ...
CSOonline

Alert: Exploit available to threat actors for SAP S/4HANA critical vulnerability

SAP S/4HANA admins who haven’t already installed a critical August 11 patch could be in trouble: An exploit for the code injection vulnerability is already being exploited in the wild. The ...