This SmarterMail vulnerability allows remote code execution - here's what we know

Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to ...
SecurityWeek

RondoDox Botnet Exploiting React2Shell Vulnerability

December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.
CSO Online

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
VentureBeat

Spring Core vulnerability doesn’t seem to be Log4Shell all over again

A newly disclosed remote code execution vulnerability in Spring Core, a widely used Java framework, does not appear to represent a Log4Shell-level threat. Security researchers at several organizations ...
VentureBeat

VMware says 3 Tanzu products impacted by Spring4Shell vulnerability

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More VMware disclosed on Saturday that three Tanzu products are “impacted” by ...
Bleeping Computer

New regreSSHion OpenSSH RCE bug gives root on Linux servers

A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed "regreSSHion" gives root privileges on glibc-based Linux systems. OpenSSH is a suite of networking utilities based on the ...
HHS

Attackers Exploit Shellshock Bug

The recently discovered Shellshock - or Bash - vulnerability is being actively targeted by malware gangs, who appear to have already claimed more than 700 victims. See Also: Averting the Breach: 5 ...
Computer Weekly

Apache vulnerability a risk, but not as widespread as Log4Shell

Security teams should be alert to the possibility of compromise arising from a vulnerability in Apache Commons Text that may put many organisations at risk, but is unlikely to be as impactful as ...