Axios npm Package Backdoored by North Korean Threat Actor (UNC1069)

Scope: JavaScript/Node.js developers, CI/CD pipelines using Axios

Severity: Red

 

Read More

WinRAR path traversal zero-day (CVE-2025-8088) exploited to deploy malware

Scope: WinRAR (archive utility)

Read More

Microsoft Exchange 2016 & 2019 Reach End of Support in 30 Days

Scope: Microsoft Exchange Server 2016 & 2019 (On-Premises)

Severity: Amber (High)

Read More

SAP S/4HANA code-injection (CVE-2025-42957) now under active exploitation

Scope: SAP S/4HANA

Read More

Android September 2025 – two actively exploited elevation-of-privilege flaws

Google’s September update addresses 80+ issues, including two zero-days (kernel and ART EoP) exploited in the wild.

Read More

Chrome zero-day (CVE-2025-6554) – sandbox escape/type confusion

Scope: Google Chrome (Windows/Mac/Linux)

Read More