Critical RCE in Apache Struts — CVE-2025-XXXX
A critical remote code execution vulnerability was disclosed affecting Apache Struts versions 2.x. Attackers can exploit this via crafted HTTP requests without authentication. Patch immediately.
Latest CVEs, bug bounty finds, tool updates, and cybersecurity news.
A Pakistani security researcher chained SSRF with metadata exposure to achieve internal network access on a major cloud provider’s bug bounty program, earning a $50,000 reward.
Pakistan’s FIA has increased enforcement of PECA 2016, issuing notices to individuals involved in unauthorized system access. Always ensure written authorization before any security testing.
Rapid7 released Metasploit Framework 6.4 featuring improved evasion techniques, new auxiliary modules, and enhanced support for modern Windows environments in authorized testing.
A popular WordPress SEO plugin was found to contain an unauthenticated stored XSS vulnerability, exposing over 1 million websites. Update to version 4.2.1 or later immediately.