WatchGuard has issued patches for a critical VPN security flaw in Fireware OS (CVE-2025-14733) that is actively being exploited in the wild, affecting multiple versions and configurations. Threat actors are targeting affected devices, with indicators of compromise provided. Users are urged to update their systems immediately and follow mitigation steps to prevent exploitation.
The article discusses the persistent exploitation of farmworkers in the U.S. and highlights the potential of the Fair Food Program, which has improved conditions for workers on participating farms like Pacific Tomato Growers. Despite its success, most farms resist joining due to costs and industry opposition, limiting the program's reach and impact on farmworker rights.
CISA has added the actively exploited CVE-2021-26829 XSS vulnerability in OpenPLC ScadaBR to its KEV catalog, highlighting ongoing threats from hacktivist groups like TwoNet, which exploited this flaw in a honeypot to deface a system. The attack involved using default credentials and web application layer exploits, with federal agencies required to patch by December 19, 2025. Additionally, a long-running exploit operation targeting Brazil has been observed, utilizing legitimate cloud infrastructure to evade detection.
A critical vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287, is actively exploited by threat actors across multiple organizations, despite Microsoft releasing an emergency patch. The flaw allows unauthenticated remote code execution, and attackers are conducting reconnaissance and data exfiltration, posing a significant risk to affected servers. Experts warn that the vulnerability's ease of exploitation and the patch's incomplete fix increase the threat landscape, urging organizations to apply updates promptly.
A critical vulnerability in Microsoft Windows Server Update Services (WSUS), tracked as CVE-2025-59287, has been exploited by attackers shortly after an emergency patch was issued. The flaw allows remote code execution and affects Windows Server versions 2012-2025. Despite Microsoft releasing a fix, security researchers warn that the patch may not fully mitigate the risk, and exploitation activity has been observed, especially targeting exposed WSUS instances. Experts advise organizations to ensure their systems are properly patched and not exposed to the internet to prevent compromise.
Netflix's documentary 'The Perfect Neighbor' highlights a tragic incident involving police footage and the suffering of children, raising concerns about the exploitation of trauma and the ethical boundaries of true crime storytelling.
A critical vulnerability in Fortra's GoAnywhere MFT (CVE-2025-10035) has been exploited by the cybercrime group Storm-1175 in Medusa ransomware attacks since September 2025, leading to widespread compromises and urging organizations to update their systems to prevent further damage.
Cisco has disclosed a actively exploited zero-day vulnerability (CVE-2025-20352) in its IOS and IOS XE software, affecting SNMP protocols and allowing remote code execution or DoS attacks. The flaw, rooted in a stack overflow, impacts all versions with SNMP enabled and has been exploited in the wild after attackers compromised administrator credentials. Cisco recommends immediate software updates and offers mitigation strategies, emphasizing the importance of strong credential management and restricted SNMP access.
Meta used publicly posted photos of schoolgirls in their teens to promote its platform Threads, targeting adult users, which has sparked outrage among parents and privacy advocates due to concerns over exploitation and inappropriate targeting. Meta claims the images did not violate policies and were used as part of recommendation tools, but critics argue this practice is highly inappropriate and risky for children's safety.
A young woman revealed her traumatic experience of being forced to attend 'porta-potty' parties in Dubai, where she was pressured into performing humiliating and disturbing acts involving bodily fluids, with allegations of exploitation, poor living conditions, and police indifference. The case has garnered attention amid broader concerns about abuse and trafficking in the region, though many details remain unverified.
A BBC investigation reveals disturbing stories of women trafficked to Dubai under false pretenses, forced into prostitution, subjected to degrading acts including 'porta potty' parties, and facing racial discrimination, with some women falling to their deaths amid ongoing investigations.
The Man in My Basement is an eerie psychodrama featuring Willem Dafoe as a sinister guest, exploring themes of racism, capitalism, and exploitation through a labyrinthine narrative set in 1990s Sag Harbor, where a black man rents his basement to a mysterious white businessman, leading to a nightmarish psychological confrontation.
The House Oversight Committee released a 238-page book containing tributes to Jeffrey Epstein on his 50th birthday, revealing disturbing details and comments about his sexual exploits and attitude towards women, highlighting his predatory behavior.
CISA has added a high-severity flaw in TP-Link Wi-Fi extenders and a WhatsApp vulnerability to its KEV catalog due to active exploitation, with the TP-Link issue being fixed but the product now EoL, and the WhatsApp flaw linked to targeted spyware campaigns. FCEB agencies are advised to apply mitigations by September 23, 2025.
CISA has added three actively exploited vulnerabilities affecting Citrix Session Recording and Git to its KEV catalog, with patches already available for two of the Citrix flaws and a proof-of-concept exploit released for the Git vulnerability. Federal agencies are required to implement mitigations by September 15, 2025.
