Recent GeoServer Vulnerability Exploited in Attacks 2025-12-12 at 15:31 By Ionut Arghire Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request. The post Recent GeoServer Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Recent GeoServer Vulnerability Exploited in Attacks Read More »
Unpatched Gogs Zero-Day Exploited for Months 2025-12-11 at 14:54 By Ionut Arghire The exploited flaw allows attackers to overwrite files outside the repository, leading to remote code execution. The post Unpatched Gogs Zero-Day Exploited for Months appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Unpatched Gogs Zero-Day Exploited for Months Read More »
Google Patches Mysterious Chrome Zero-Day Exploited in the Wild 2025-12-11 at 09:49 By Eduard Kovacs The Chrome zero-day does not have a CVE and it’s unclear who reported it and which browser component it affects. The post Google Patches Mysterious Chrome Zero-Day Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt
Google Patches Mysterious Chrome Zero-Day Exploited in the Wild Read More »
Exploitation of React2Shell Surges 2025-12-08 at 12:00 By Eduard Kovacs An increasing number of threat actors have been attempting to exploit the React vulnerability CVE-2025-55182 in their attacks. The post Exploitation of React2Shell Surges appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Exploitation of React2Shell Surges Read More »
Chinese Hackers Exploiting React2Shell Vulnerability 2025-12-05 at 10:30 By Eduard Kovacs AWS has seen multiple China-linked threat groups attempting to exploit the React vulnerability CVE-2025-55182. The post Chinese Hackers Exploiting React2Shell Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Chinese Hackers Exploiting React2Shell Vulnerability Read More »
Critical King Addons Vulnerability Exploited to Hack WordPress Sites 2025-12-03 at 15:39 By Ionut Arghire A critical-severity vulnerability in the King Addons for Elementor plugin for WordPress has been exploited to take over websites. The post Critical King Addons Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek. This article is an excerpt from
Critical King Addons Vulnerability Exploited to Hack WordPress Sites Read More »
Android’s December 2025 Updates Patch Two Zero-Days 2025-12-02 at 15:15 By Ionut Arghire Google warns that two out of the 107 vulnerabilities patched in Android this month have been exploited in limited, targeted attacks. The post Android’s December 2025 Updates Patch Two Zero-Days appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View
Android’s December 2025 Updates Patch Two Zero-Days Read More »
CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack 2025-12-01 at 13:14 By Eduard Kovacs CISA has added CVE-2021-26829 to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack Read More »
CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability 2025-11-24 at 17:48 By Eduard Kovacs CISA has added CVE-2025-61757 to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability Read More »
Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day 2025-11-21 at 15:47 By Eduard Kovacs CVE-2025-61757 is an unauthenticated remote code execution vulnerability affecting Oracle Identity Manager. The post Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day Read More »
Recent 7-Zip Vulnerability Exploited in Attacks 2025-11-20 at 13:09 By Ionut Arghire A proof-of-concept (PoC) exploit targeting the high-severity remote code execution (RCE) bug exists. The post Recent 7-Zip Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Recent 7-Zip Vulnerability Exploited in Attacks Read More »
Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign 2025-11-19 at 15:31 By Ionut Arghire Threat actors are exploiting a two-year-old vulnerability in the Ray AI framework in a fresh campaign that hit numerous clusters, Oligo reports. Maintained by Anyscale, Ray is an open source framework for scaling Python-based AI and ML applications. Ray clusters
Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign Read More »
Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week 2025-11-19 at 11:49 By Ionut Arghire An OS command injection flaw, the exploited zero-day allows attackers to execute arbitrary code on the underlying system. The post Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week appeared first on SecurityWeek. This article is an excerpt from SecurityWeek
Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week Read More »
Chrome 142 Update Patches Exploited Zero-Day 2025-11-18 at 09:33 By Ionut Arghire The flaw was reported by Google’s Threat Analysis Group and was likely exploited by a commercial spyware vendor. The post Chrome 142 Update Patches Exploited Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Chrome 142 Update Patches Exploited Zero-Day Read More »
Widespread Exploitation of XWiki Vulnerability Observed 2025-11-17 at 13:06 By Ionut Arghire The exploitation of the recent XWiki vulnerability has expanded to botnets, cryptocurrency miners, scanners, and custom tools. The post Widespread Exploitation of XWiki Vulnerability Observed appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Widespread Exploitation of XWiki Vulnerability Observed Read More »
CISA Updates Guidance on Patching Cisco Devices Targeted in China-Linked Attacks 2025-11-13 at 17:14 By Ionut Arghire Federal agencies have reported as ‘patched’ ASA or FTD devices running software versions vulnerable to attacks. The post CISA Updates Guidance on Patching Cisco Devices Targeted in China-Linked Attacks appeared first on SecurityWeek. This article is an excerpt
CISA Updates Guidance on Patching Cisco Devices Targeted in China-Linked Attacks Read More »
Critical WatchGuard Firebox Vulnerability Exploited in Attacks 2025-11-13 at 14:40 By Ionut Arghire Tracked as CVE-2025-9242 (CVSS score of 9.3), the flaw leads to unauthenticated, remote code execution on vulnerable firewalls. The post Critical WatchGuard Firebox Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Critical WatchGuard Firebox Vulnerability Exploited in Attacks Read More »
Cisco ISE, CitrixBleed 2 Vulnerabilities Exploited as Zero-Days: Amazon 2025-11-13 at 11:57 By Ionut Arghire Amazon has seen a threat actor exploiting CVE-2025-20337 and CVE-2025-5777, two critical Cisco and Citrix vulnerabilities, as zero-days. The post Cisco ISE, CitrixBleed 2 Vulnerabilities Exploited as Zero-Days: Amazon appeared first on SecurityWeek. This article is an excerpt from SecurityWeek
Cisco ISE, CitrixBleed 2 Vulnerabilities Exploited as Zero-Days: Amazon Read More »
Microsoft Patches Actively Exploited Windows Kernel Zero-Day 2025-11-11 at 23:07 By Eduard Kovacs Microsoft’s latest Patch Tuesday updates address more than 60 vulnerabilities in Windows and other products. The post Microsoft Patches Actively Exploited Windows Kernel Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Microsoft Patches Actively Exploited Windows Kernel Zero-Day Read More »
Critical Triofox Vulnerability Exploited in the Wild 2025-11-11 at 17:38 By Ionut Arghire A threat actor has exploited the issue to create a new administrator account and then used the account to execute remote access tools. The post Critical Triofox Vulnerability Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt from
Critical Triofox Vulnerability Exploited in the Wild Read More »