2024 VMware Flaw Now in Attackers’ Crosshairs 2026-01-26 at 07:36 By Ionut Arghire The critical-severity vulnerability can be exploited via crafted network packets for remote code execution. The post 2024 VMware Flaw Now in Attackers’ Crosshairs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
2024 VMware Flaw Now in Attackers’ Crosshairs Read More »
Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices 2026-01-23 at 16:05 By Ionut Arghire Similar to recent FortiCloud single sign-on (SSO) login vulnerabilities, the attacks bypass authentication. The post Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices Read More »
Organizations Warned of Exploited Zimbra Collaboration Vulnerability 2026-01-23 at 15:31 By Ionut Arghire CISA has added the Zimbra flaw to the KEV catalog along with three other bugs exploited in the wild. The post Organizations Warned of Exploited Zimbra Collaboration Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Organizations Warned of Exploited Zimbra Collaboration Vulnerability Read More »
Fresh SmarterMail Flaw Exploited for Admin Access 2026-01-23 at 12:46 By Ionut Arghire The exploitation of the authentication bypass vulnerability started two days after patches were released. The post Fresh SmarterMail Flaw Exploited for Admin Access appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Fresh SmarterMail Flaw Exploited for Admin Access Read More »
New Wave of Attacks Targeting FortiGate Firewalls 2026-01-22 at 14:41 By Ionut Arghire Hackers bypass the FortiCloud SSO login authentication to create new accounts and change device configurations. The post New Wave of Attacks Targeting FortiGate Firewalls appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
New Wave of Attacks Targeting FortiGate Firewalls Read More »
Cisco Patches Vulnerability Exploited by Chinese Hackers 2026-01-16 at 11:54 By Ionut Arghire UAT-9686 exploited the bug to deploy the AquaShell backdoor on Cisco appliances with certain ports open to the internet. The post Cisco Patches Vulnerability Exploited by Chinese Hackers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Cisco Patches Vulnerability Exploited by Chinese Hackers Read More »
Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities 2026-01-13 at 21:52 By Eduard Kovacs Two vulnerabilities patched this month by Microsoft were disclosed publicly before fixes were released. The post Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities Read More »
Critical HPE OneView Vulnerability Exploited in Attacks 2026-01-08 at 13:20 By Ionut Arghire The maximum-severity code injection flaw can be exploited without authentication for remote code execution. The post Critical HPE OneView Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Critical HPE OneView Vulnerability Exploited in Attacks Read More »
Hackers Exploit Zero-Day in Discontinued D-Link Devices 2026-01-07 at 14:34 By Ionut Arghire The critical-severity vulnerability allows unauthenticated, remote attackers to execute arbitrary shell commands. The post Hackers Exploit Zero-Day in Discontinued D-Link Devices appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Hackers Exploit Zero-Day in Discontinued D-Link Devices Read More »
RondoDox Botnet Exploiting React2Shell Vulnerability 2026-01-02 at 14:42 By Ionut Arghire In December, the botnet’s operators focused on weaponizing the flaw to compromise vulnerable Next.js servers. The post RondoDox Botnet Exploiting React2Shell Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
RondoDox Botnet Exploiting React2Shell Vulnerability Read More »
Adobe ColdFusion Servers Targeted in Coordinated Campaign 2026-01-02 at 14:42 By Ionut Arghire GreyNoise has observed thousands of requests targeting a dozen vulnerabilities in Adobe ColdFusion during the Christmas 2025 holiday. The post Adobe ColdFusion Servers Targeted in Coordinated Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Adobe ColdFusion Servers Targeted in Coordinated Campaign Read More »
Fortinet Warns of New Attacks Exploiting Old Vulnerability 2025-12-29 at 15:05 By Ionut Arghire Tracked as CVE-2020-12812, the exploited FortiOS flaw allows threat actors to bypass two-factor authentication. The post Fortinet Warns of New Attacks Exploiting Old Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Fortinet Warns of New Attacks Exploiting Old Vulnerability Read More »
Fresh MongoDB Vulnerability Exploited in Attacks 2025-12-29 at 12:02 By Ionut Arghire Dubbed MongoBleed, the high-severity flaw allows unauthenticated, remote attackers to leak sensitive information from MongoDB servers. The post Fresh MongoDB Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Fresh MongoDB Vulnerability Exploited in Attacks Read More »
WatchGuard Patches Firebox Zero-Day Exploited in the Wild 2025-12-22 at 15:09 By Ionut Arghire The critical-severity bug in the Fireware OS’s iked process leads to unauthenticated remote code execution. The post WatchGuard Patches Firebox Zero-Day Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
WatchGuard Patches Firebox Zero-Day Exploited in the Wild Read More »
CISA Warns of Exploited Flaw in Asus Update Tool 2025-12-18 at 15:37 By Ionut Arghire Tracked as CVE-2025-59374, the issue is a software backdoor implanted in Asus Live Update in a supply chain attack. The post CISA Warns of Exploited Flaw in Asus Update Tool appeared first on SecurityWeek. This article is an excerpt from
CISA Warns of Exploited Flaw in Asus Update Tool Read More »
SonicWall Patches Exploited SMA 1000 Zero-Day 2025-12-18 at 11:29 By Ionut Arghire The medium-severity flaw has been exploited in combination with a critical bug for remote code execution. The post SonicWall Patches Exploited SMA 1000 Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
SonicWall Patches Exploited SMA 1000 Zero-Day Read More »
China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear 2025-12-18 at 09:18 By Eduard Kovacs The critical zero-day is tracked as CVE-2025-20393 and it impacts Secure Email Gateway and Secure Email and Web Manager appliances. The post China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear appeared first on SecurityWeek. This article is an excerpt from SecurityWeek
China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear Read More »
In-the-Wild Exploitation of Fresh Fortinet Flaws Begins 2025-12-16 at 11:38 By Ionut Arghire Threat actors are exploiting the two critical authentication bypass vulnerabilities against FortiGate appliances. The post In-the-Wild Exploitation of Fresh Fortinet Flaws Begins appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
In-the-Wild Exploitation of Fresh Fortinet Flaws Begins Read More »
Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery 2025-12-15 at 16:01 By Eduard Kovacs Google has also mentioned seeing React2Shell attacks conducted by Iranian threat actors. The post Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery Read More »
Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw 2025-12-15 at 13:22 By Eduard Kovacs Apple has released macOS and iOS updates to patch two WebKit zero-days exploited in an “extremely sophisticated” attack. The post Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw appeared first on SecurityWeek. This article is an excerpt
Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw Read More »