ALL POSTS

Key Findings: CISA has added two actively exploited vulnerabilities in Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerabilities are CVE-2025-49113 (CVSS 9.9) and CVE-2025-68461 (CVSS 7.2). CVE-2025-49113 is a deserialization of untrusted data flaw that allows remote code execution by authenticated users. CVE-2025-68461 is a cross-site scripting vulnerability in the "animate" tag of an SVG document. Attackers have already weaponized

CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities Key Findings: CISA added four security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities affect Synacor Zimbra Collaboration Suite, Versa Concerto SD-WAN orchestration platform, Vite Vitejs, and eslint-config-prettier npm package. CISA has ordered Federal Civilian Executive Branch (FCEB) agencies to apply th