SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites

An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without ...

Microsoft Confirms SQL Zero-Day Security Vulnerability—Here’s The Fix

Microsoft has confirmed that a hacker who successfully exploits a zero-day SQL vulnerability could gain system administrator privileges. Here’s how to fix it.
CSOonline

CISA orders immediate patching as GeoServer flaw faces active exploitation

CISA is sounding the alarm over a critical vulnerability in GeoServer that is being actively exploited in the wild, ordering federal agencies to patch immediately. The flaw, tracked as CVE-2025-58360, ...
Infosecurity-magazine.com

Microsoft Fixes Windows Kernel Zero Day in November Patch Tuesday

Microsoft issued security updates to fix over 60 CVEs in the November Patch Tuesday yesterday, including one being actively exploited in the wild. No public proof-of-concept has been released for ...
Bleeping Computer

Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching

An out-of-band (OOB) security update that patches an actively exploited Windows Server Update Service (WSUS) vulnerability has broken hotpatching on some Windows Server 2025 devices. Days later, the ...
Hosted on MSN

Microsoft issues emergency Windows server security patch - update now or risk attack

Microsoft issues emergency patch for a critical WSUS flaw enabling remote code execution CVE-2025-59287 allows unauthenticated attackers to gain SYSTEM privileges without user interaction An ...
Dark Reading

Microsoft Issues Emergency Patch for Critical Windows Server Bug

Microsoft on Thursday deployed a reworked update for a critical vulnerability in the Windows Server Update Service (WSUS) that has come under attack in the wild. CVE-2025-59287 is a remote code ...