exploited

China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear

China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear 2025-12-18 at 09:18 By Eduard Kovacs The critical zero-day is tracked as CVE-2025-20393 and it impacts Secure Email Gateway and Secure Email and Web Manager appliances. The post China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear appeared first on SecurityWeek. This article is an excerpt from SecurityWeek […]

China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear Read More »

In-the-Wild Exploitation of Fresh Fortinet Flaws Begins

In-the-Wild Exploitation of Fresh Fortinet Flaws Begins 2025-12-16 at 11:38 By Ionut Arghire Threat actors are exploiting the two critical authentication bypass vulnerabilities against FortiGate appliances. The post In-the-Wild Exploitation of Fresh Fortinet Flaws Begins appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

In-the-Wild Exploitation of Fresh Fortinet Flaws Begins Read More »

Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery

Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery 2025-12-15 at 16:01 By Eduard Kovacs Google has also mentioned seeing React2Shell attacks conducted by Iranian threat actors. The post Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery Read More »

Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw

Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw 2025-12-15 at 13:22 By Eduard Kovacs Apple has released macOS and iOS updates to patch two WebKit zero-days exploited in an “extremely sophisticated” attack. The post Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw appeared first on SecurityWeek. This article is an excerpt

Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw Read More »

Gladinet CentreStack Flaw Exploited to Hack Organizations

Gladinet CentreStack Flaw Exploited to Hack Organizations 2025-12-12 at 16:02 By Ionut Arghire Threat actors have hacked at least nine organizations by exploiting the recently patched Gladinet CentreStack flaw. The post Gladinet CentreStack Flaw Exploited to Hack Organizations appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Gladinet CentreStack Flaw Exploited to Hack Organizations Read More »

Recent GeoServer Vulnerability Exploited in Attacks

Recent GeoServer Vulnerability Exploited in Attacks 2025-12-12 at 15:31 By Ionut Arghire Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request. The post Recent GeoServer Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Recent GeoServer Vulnerability Exploited in Attacks Read More »

Unpatched Gogs Zero-Day Exploited for Months

Unpatched Gogs Zero-Day Exploited for Months 2025-12-11 at 14:54 By Ionut Arghire The exploited flaw allows attackers to overwrite files outside the repository, leading to remote code execution. The post Unpatched Gogs Zero-Day Exploited for Months appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Unpatched Gogs Zero-Day Exploited for Months Read More »

Google Patches Mysterious Chrome Zero-Day Exploited in the Wild

Google Patches Mysterious Chrome Zero-Day Exploited in the Wild 2025-12-11 at 09:49 By Eduard Kovacs The Chrome zero-day does not have a CVE and it’s unclear who reported it and which browser component it affects. The post Google Patches Mysterious Chrome Zero-Day Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt

Google Patches Mysterious Chrome Zero-Day Exploited in the Wild Read More »

Exploitation of React2Shell Surges

Exploitation of React2Shell Surges 2025-12-08 at 12:00 By Eduard Kovacs An increasing number of threat actors have been attempting to exploit the React vulnerability CVE-2025-55182 in their attacks. The post Exploitation of React2Shell Surges appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Exploitation of React2Shell Surges Read More »

Chinese Hackers Exploiting React2Shell Vulnerability

Chinese Hackers Exploiting React2Shell Vulnerability 2025-12-05 at 10:30 By Eduard Kovacs AWS has seen multiple China-linked threat groups attempting to exploit the React vulnerability CVE-2025-55182. The post Chinese Hackers Exploiting React2Shell Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chinese Hackers Exploiting React2Shell Vulnerability Read More »

Critical King Addons Vulnerability Exploited to Hack WordPress Sites

Critical King Addons Vulnerability Exploited to Hack WordPress Sites 2025-12-03 at 15:39 By Ionut Arghire A critical-severity vulnerability in the King Addons for Elementor plugin for WordPress has been exploited to take over websites. The post Critical King Addons Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek. This article is an excerpt from

Critical King Addons Vulnerability Exploited to Hack WordPress Sites Read More »

Android’s December 2025 Updates Patch Two Zero-Days

Android’s December 2025 Updates Patch Two Zero-Days 2025-12-02 at 15:15 By Ionut Arghire Google warns that two out of the 107 vulnerabilities patched in Android this month have been exploited in limited, targeted attacks. The post Android’s December 2025 Updates Patch Two Zero-Days appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Android’s December 2025 Updates Patch Two Zero-Days Read More »

CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack

CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack 2025-12-01 at 13:14 By Eduard Kovacs CISA has added CVE-2021-26829 to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack Read More »

CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability

CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability 2025-11-24 at 17:48 By Eduard Kovacs CISA has added CVE-2025-61757 to its Known Exploited Vulnerabilities (KEV) catalog.  The post CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability Read More »

Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day

Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day 2025-11-21 at 15:47 By Eduard Kovacs CVE-2025-61757 is an unauthenticated remote code execution vulnerability affecting Oracle Identity Manager. The post Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day Read More »

Recent 7-Zip Vulnerability Exploited in Attacks

Recent 7-Zip Vulnerability Exploited in Attacks 2025-11-20 at 13:09 By Ionut Arghire A proof-of-concept (PoC) exploit targeting the high-severity remote code execution (RCE) bug exists. The post Recent 7-Zip Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Recent 7-Zip Vulnerability Exploited in Attacks Read More »

Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign

Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign 2025-11-19 at 15:31 By Ionut Arghire Threat actors are exploiting a two-year-old vulnerability in the Ray AI framework in a fresh campaign that hit numerous clusters, Oligo reports. Maintained by Anyscale, Ray is an open source framework for scaling Python-based AI and ML applications. Ray clusters

Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign Read More »

Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week

Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week 2025-11-19 at 11:49 By Ionut Arghire An OS command injection flaw, the exploited zero-day allows attackers to execute arbitrary code on the underlying system. The post Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week Read More »

Chrome 142 Update Patches Exploited Zero-Day

Chrome 142 Update Patches Exploited Zero-Day 2025-11-18 at 09:33 By Ionut Arghire The flaw was reported by Google’s Threat Analysis Group and was likely exploited by a commercial spyware vendor. The post Chrome 142 Update Patches Exploited Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chrome 142 Update Patches Exploited Zero-Day Read More »

Widespread Exploitation of XWiki Vulnerability Observed

Widespread Exploitation of XWiki Vulnerability Observed 2025-11-17 at 13:06 By Ionut Arghire The exploitation of the recent XWiki vulnerability has expanded to botnets, cryptocurrency miners, scanners, and custom tools. The post Widespread Exploitation of XWiki Vulnerability Observed appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Widespread Exploitation of XWiki Vulnerability Observed Read More »

Scroll to Top