Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed

A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited ...

Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks

Hackers are exploiting a new, undocumented vulnerability in the implementation of the cryptographic algorithm present in Gladinet's CentreStack and Triofox products for secure remote file access and ...

Gnosis announces hard fork to recover funds from Balancer exploit

Balancer reported that white hats had managed to recover some of the funds stolen in a $116 million exploit, and Gnosis added ...
GitHub

CVE-2024-4577 PoC Exploit

This repository contains a proof-of-concept (PoC) exploit for CVE-2024-4577, a critical vulnerability affecting all versions of PHP running on Windows. The vulnerability allows attackers to execute ...
GitHub

Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)

See openssh.patch for a simple patch to openssh that logs any connection attempt with a public key N matching the backdoor format. The backdoor uses a hardcoded ED448 public key for signature ...
The Hacker News

Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw

Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high ...
The Hacker News

React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors

React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of ...