Stay updated on the latest zero-day vulnerabilities and critical security flaws — curated for cybersecurity professionals.
A critical zero-day (CVE-2025-24990) in Windows allows local users to escalate privileges via untrusted pointer dereference in the Agere Modem driver (ltmdm64.sys). Actively exploited in the wild — apply mitigation immediately.
Read More→A critical zero-day (CVE-2025-59230) in Windows Remote Access Connection Manager allows local users to escalate privileges via improper access control. Actively exploited — patch immediately.
Read More→A zero-day (CVE-2025-47827) in Windows IGEL OS allows attackers with physical access to bypass Secure Boot using improper verification of cryptographic signatures. Actively exploited — immediate mitigation recommended.
Read More→A zero-day (CVE-2025-61884) in Oracle E-Business Suite allows remote attackers to perform SSRF attacks via the Configurator Runtime UI. Exploitation may lead to sensitive data access and lateral network attacks.
Read More→A critical zero-day (CVE-2025-41244) in VMware Tools allows local users to escalate privileges to superuser via improper access control. Actively exploited since October 2024 — patch immediately.
Read More→An unauthenticated path traversal zero-day (CVE-2025-11371) in Gladinet CentreStack allows remote attackers to read arbitrary files. The flaw is actively exploited and, as of the advisory, remains unpatched — apply mitigations immediately.
Read More→