Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices. The ...

Server-side rendering vulnerabilities could allow attackers to steal authorization headers or perpetrate phishing and SEO hacking.

A vulnerability in the Google Web Stories plug-in for WordPress could be exploited via a server-side request forgery (SSRF) vulnerability to steal Amazon Web Services (AWS) metadata from sites hosted ...

Commvault is warning customers of a critical vulnerability affecting Command Center, a web-based management console for its data protection and backup offerings. The flaw, tracked as CV-2025-34028, ...

WPScan and the United States Government National Vulnerability Database published a notice of a vulnerability discovered in the HubSpot WordPress plugin. The vulnerability exposes users of the plugin ...

The new vulnerabilities were introduced by a fix for the previous Ivanti flaws, and customers are urged to install a new update. Days after Ivanti announced patches for a new vulnerability in its ...

Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds. A server-side ...

Microsoft has fixed vulnerabilities in four separate services of its Azure cloud platform, two of which could have allowed attackers to perform a server-side request forgery (SSRF) attack — and thus ...

Microsoft says Cuba ransomware threat actors are hacking Microsoft Exchange servers unpatched against a critical server-side request forgery (SSRF) vulnerability also exploited in Play ransomware ...