Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

federal agencies

CISA orders immediate patching after active exploitation of critical GeoServer XXE flaw

Cybercrime, News, Policy, Risk, Vulnerabilities

December 15, 2025

CISA has ordered federal agencies to patch a critical unauthenticated XML External Entity flaw in GeoServer (CVE-2025-58360) that is being actively exploited; researchers warn the bug can disclose files and enable SSRF, and public scans show thousands of exposed instances.
Over 29,000 Microsoft Exchange Servers Remain Vulnerable to Severe Exploit

Cybercrime, News, Policy, Vulnerabilities

August 11, 2025

Over 29,000 Microsoft Exchange servers remain unpatched against a critical security flaw, CVE-2025-53786, which allows attackers to escalate privileges and potentially compromise entire domains. This vulnerability has prompted emergency directives from U.S. federal agencies to enforce patching.

About
Editorial Policy
Privacy
Contact