Attackers hit React defect as researchers quibble over proof
A debate over actual exploitation is muddying response efforts. Multiple researchers say they’ve observed working proof of concepts while others assert evidence of attacks is lacking.
Advertisement
VulnCheck
Developers scramble as critical React flaw threatens major apps
The open-source code library is one of the most extensively used application frameworks. Wiz found vulnerable versions in around 39% of cloud environments.
What’s left to worry (and not worry) about in the F5 breach aftermath
Researchers say the nation-state attacker could cause more serious problems with the BIG-IP source code it nabbed during the attack on F5’s systems.
Worries mount over max-severity GoAnywhere defect
Forta, the vendor behind the file-transfer service software, has yet to report exploitation or address evidence of compromise. Independent researchers say otherwise.
Researchers raise alarm over maximum-severity defect in GoAnywhere file-transfer service
The vendor didn’t provide evidence of active exploitation, yet experts said it’s only a matter of time before that changes.
Sitecore zero-day vulnerability springs up from exposed machine key
The actively exploited defect, triggered by an attacker’s use of a publicly available sample machine key, underscores the vendor and customers’ poor configuration practices.
Advertisement
VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025
The vulnerability threat intelligence firm’s research reinforces a slew of recent reports warning about increased exploits in 2024.
Is Ivanti the problem or a symptom of a systemic issue with network devices?
Exploited vulnerabilities have turned up in Ivanti products 16 times since 2024. That’s more than any other vendor in the network edge device space.