exploited

Landfall Android Spyware Targeted Samsung Phones via Zero-Day

Android malware, exploited, Landfall, Malware & Threats, Samsung, spyware, Zero-Day /

Landfall Android Spyware Targeted Samsung Phones via Zero-Day 2025-11-07 at 19:39 By Eduard Kovacs Threat actors exploited CVE-2025-21042 to deliver malware via specially crafted images to users in the Middle East.  The post Landfall Android Spyware Targeted Samsung Phones via Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Landfall Android Spyware Targeted Samsung Phones via Zero-Day Read More »

CISA Warns of CWP Vulnerability Exploited in the Wild

CISA KEV, Control Web Panel, CWP, exploited, Vulnerabilities /

CISA Warns of CWP Vulnerability Exploited in the Wild 2025-11-05 at 10:08 By Eduard Kovacs A critical vulnerability in Control Web Panel (CWP), tracked as CVE-2025-48703, allows remote, unauthenticated command execution. The post CISA Warns of CWP Vulnerability Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

CISA Warns of CWP Vulnerability Exploited in the Wild Read More »

CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog

CISA KEV, exploited, VMWare, Vulnerabilities, XWiki /

CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog 2025-10-31 at 13:59 By Ionut Arghire Broadcom has updated its advisory on CVE-2025-41244 to mention the vulnerability’s in-the-wild exploitation. The post CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog Read More »

Chinese APT Exploits Unpatched Windows Flaw in Recent Attacks

China APT, Europe, exploited, LNK, Malware, Malware & Threats, Windows /

Chinese APT Exploits Unpatched Windows Flaw in Recent Attacks 2025-10-31 at 12:37 By Ionut Arghire The Windows shortcut vulnerability has been seen in attacks conducted by Mustang Panda to drop the PlugX malware. The post Chinese APT Exploits Unpatched Windows Flaw in Recent Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Chinese APT Exploits Unpatched Windows Flaw in Recent Attacks Read More »

XWiki Vulnerability Exploited in Cryptocurrency Mining Operation

crypto mining, Cryptocurrency, exploited, Malware & Threats, vulnerability, XWiki /

XWiki Vulnerability Exploited in Cryptocurrency Mining Operation 2025-10-29 at 12:54 By Ionut Arghire Exploits have been available publicly for over half a year, but the bug was previously targeted only for reconnaissance. The post XWiki Vulnerability Exploited in Cryptocurrency Mining Operation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

XWiki Vulnerability Exploited in Cryptocurrency Mining Operation Read More »

CISA Warns of Exploited DELMIA Factory Software Vulnerabilities

CISA KEV, DELMIA, exploited, ICS, ICS/OT, OT /

CISA Warns of Exploited DELMIA Factory Software Vulnerabilities 2025-10-29 at 11:41 By Ionut Arghire Two DELMIA Apriso flaws can be chained together to gain privileged access to the application and execute arbitrary code remotely. The post CISA Warns of Exploited DELMIA Factory Software Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

CISA Warns of Exploited DELMIA Factory Software Vulnerabilities Read More »

Year-Old WordPress Plugin Flaws Exploited to Hack Websites

exploited, Vulnerabilities, vulnerability, WordPress /

Year-Old WordPress Plugin Flaws Exploited to Hack Websites 2025-10-27 at 12:57 By Ionut Arghire Roughly 9 million exploit attempts were observed this month as mass exploitation of the critical vulnerabilities recommenced. The post Year-Old WordPress Plugin Flaws Exploited to Hack Websites appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Year-Old WordPress Plugin Flaws Exploited to Hack Websites Read More »

Chrome Zero-Day Exploitation Linked to Hacking Team Spyware

Chrome, Dante, exploited, Hacking Team, spyware, Vulnerabilities, Zero-Day /

Chrome Zero-Day Exploitation Linked to Hacking Team Spyware 2025-10-27 at 11:33 By Ionut Arghire The threat actor behind Operation ForumTroll used the same toolset typically employed in Dante spyware attacks. The post Chrome Zero-Day Exploitation Linked to Hacking Team Spyware appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chrome Zero-Day Exploitation Linked to Hacking Team Spyware Read More »

Critical Windows Server WSUS Vulnerability Exploited in the Wild 

CVE-2025-59287, exploited, Featured, Microsoft, Vulnerabilities, Windows, Windows Server, Wsus /

Critical Windows Server WSUS Vulnerability Exploited in the Wild  2025-10-24 at 17:56 By Eduard Kovacs CVE-2025-59287 allows a remote, unauthenticated attacker to execute arbitrary code and a PoC exploit is available. The post Critical Windows Server WSUS Vulnerability Exploited in the Wild  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Critical Windows Server WSUS Vulnerability Exploited in the Wild  Read More »

Exploitation of Critical Adobe Commerce Flaw Puts Many eCommerce Sites at Risk

Adobe Commerce, exploited, magento, Vulnerabilities /

Exploitation of Critical Adobe Commerce Flaw Puts Many eCommerce Sites at Risk 2025-10-23 at 14:17 By Ionut Arghire Patched in September, the SessionReaper bug could be exploited without authentication to bypass a security feature. The post Exploitation of Critical Adobe Commerce Flaw Puts Many eCommerce Sites at Risk appeared first on SecurityWeek. This article is

Exploitation of Critical Adobe Commerce Flaw Puts Many eCommerce Sites at Risk Read More »

Lanscope Endpoint Manager Zero-Day Exploited in the Wild

exploited, Lanscope, Motex, Vulnerabilities, vulnerability, Zero-Day /

Lanscope Endpoint Manager Zero-Day Exploited in the Wild 2025-10-23 at 13:05 By Ionut Arghire The bug has been exploited in the wild as a zero-day and the US cybersecurity agency CISA has added it to its KEV catalog. The post Lanscope Endpoint Manager Zero-Day Exploited in the Wild appeared first on SecurityWeek. This article is

Lanscope Endpoint Manager Zero-Day Exploited in the Wild Read More »

CISA Confirms Exploitation of Latest Oracle EBS Vulnerability 

CISA KEV, CVE-2025-61884, exploited, Featured, Oracle E-Business Suite, Oracle hack, Vulnerabilities /

CISA Confirms Exploitation of Latest Oracle EBS Vulnerability  2025-10-21 at 11:54 By Eduard Kovacs The cybersecurity agency has added CVE-2025-61884 to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Confirms Exploitation of Latest Oracle EBS Vulnerability  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

CISA Confirms Exploitation of Latest Oracle EBS Vulnerability  Read More »

Gladinet Patches Exploited CentreStack Vulnerability

exploited, Gladinet, Gladinet CentreStack, Vulnerabilities, vulnerability /

Gladinet Patches Exploited CentreStack Vulnerability 2025-10-17 at 11:19 By Ionut Arghire The unauthenticated local file inclusion bug allows attackers to retrieve the machine key and execute code remotely via a ViewState deserialization issue. The post Gladinet Patches Exploited CentreStack Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Gladinet Patches Exploited CentreStack Vulnerability Read More »

Organizations Warned of Exploited Adobe AEM Forms Vulnerability

Adobe, AEM Forms, CISA KEV, exploited, Featured, Vulnerabilities /

Organizations Warned of Exploited Adobe AEM Forms Vulnerability 2025-10-16 at 17:45 By Ionut Arghire A public PoC existed when Adobe patched the Experience Manager Forms (AEM Forms) bug in early August. The post Organizations Warned of Exploited Adobe AEM Forms Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Organizations Warned of Exploited Adobe AEM Forms Vulnerability Read More »

Cisco Routers Hacked for Rootkit Deployment

Cisco, exploited, Malware & Threats, Operation ZeroDisco, rootkit /

Cisco Routers Hacked for Rootkit Deployment 2025-10-16 at 14:17 By Ionut Arghire Threat actors are exploiting CVE-2025-20352, a recent Cisco zero-day, to deploy a rootkit on older networking devices. The post Cisco Routers Hacked for Rootkit Deployment appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Cisco Routers Hacked for Rootkit Deployment Read More »

Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching

Cl0p, E-Business Suite, exploited, Featured, Oracle E-Business Suite, Oracle hack, PoC, Vulnerabilities, Zero-Day /

Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching 2025-10-08 at 10:57 By Eduard Kovacs Hundreds of internet-exposed Oracle E-Business Suite instances may still be vulnerable to attacks. The post Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching Read More »

Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks

exploited, Fortra, GoAnywhere, Ransomware, Vulnerabilities, vulnerability, Zero-Day /

Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks 2025-10-07 at 12:40 By Ionut Arghire The Medusa ransomware operators exploited the GoAnywhere MFT vulnerability one week before patches were released. The post Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks Read More »

Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks

Cl0p, Data Breaches, exploited, Featured, Oracle E-Business Suite, Oracle hack, Vulnerabilities, Zero-Day /

Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks 2025-10-06 at 11:41 By Eduard Kovacs Oracle has informed customers that it has patched a critical remote code execution vulnerability tracked as CVE-2025-61882. The post Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks Read More »

Organizations Warned of Exploited Meteobridge Vulnerability

CISA KEV, exploited, Meteobridge, Vulnerabilities, vulnerability /

Organizations Warned of Exploited Meteobridge Vulnerability 2025-10-03 at 13:49 By Ionut Arghire Patched in mid-May, the security defect allows remote unauthenticated attackers to execute arbitrary commands with root privileges. The post Organizations Warned of Exploited Meteobridge Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Organizations Warned of Exploited Meteobridge Vulnerability Read More »

Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability

China APT, exploited, VMWare, Vulnerabilities, Zero-Day /

Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability 2025-10-01 at 13:36 By Ionut Arghire Impacting VMware Aria Operations and VMware Tools, the flaw can be exploited to elevate privileges on the VM. The post Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability Read More »

Scroll to Top