Vulnerabilities

Attacks Against Government Entities, Defense Sector, and Human Targets

Government, Perspectives, Security Research, Vulnerabilities /

Attacks Against Government Entities, Defense Sector, and Human Targets 2025-02-25 at 17:08 By Pawel Knapczyk and Nikita Kazymirskyi In the first part of Trustwave SpiderLabs’ Russia-Ukraine war blog series, we gave a brief look at our major findings as well as the main differences between how Russia and Ukraine wage attacks in the digital frontlines. In […]

React to this headline:

Loading spinner

Attacks Against Government Entities, Defense Sector, and Human Targets Read More »

CISA Warns of Attacks Exploiting Oracle Agile PLM Vulnerability

Agile PLM, CISA KEV, exploited, Oracle, Vulnerabilities /

CISA Warns of Attacks Exploiting Oracle Agile PLM Vulnerability 2025-02-25 at 13:43 By Eduard Kovacs CISA has added CVE-2024-20953, an Oracle Agile PLM vulnerability patched in January 2024, to its KEV catalog.  The post CISA Warns of Attacks Exploiting Oracle Agile PLM Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

CISA Warns of Attacks Exploiting Oracle Agile PLM Vulnerability Read More »

Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics

China, Cisco, Cisco Talos, CVE-2018-0171, Nation-State, Salt Typhoon, Vulnerabilities /

Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics 2025-02-21 at 17:04 By Ryan Naraine Cisco Talos observed Chinese hackers team pivoting from a compromised device operated by one telecom to target a device in another telecom. The post Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics Read More »

Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers

MongoDB, Vulnerabilities, vulnerability /

Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers 2025-02-21 at 15:21 By Ionut Arghire OPSWAT details two critical vulnerabilities in the Mongoose ODM library for MongoDB leading to remote code execution on the Node.js server. The post Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers Read More »

CISA Warns of Attacks Exploiting Craft CMS Vulnerability

CISA KEV, Craft, exploited, Vulnerabilities /

CISA Warns of Attacks Exploiting Craft CMS Vulnerability 2025-02-21 at 13:48 By Eduard Kovacs CISA has added a Craft CMS flaw tracked as CVE-2025-23209 to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Warns of Attacks Exploiting Craft CMS Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

CISA Warns of Attacks Exploiting Craft CMS Vulnerability Read More »

Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls

CISA KEV, exploited, Featured, firewall, Palo Alto Networks, Vulnerabilities /

Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls 2025-02-21 at 13:21 By Eduard Kovacs Palo Alto Networks is warning customers that a second vulnerability patched in February is being exploited in attacks. The post Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls Read More »

Three Years of Cyber Warfare: How Digital Attacks Have Shaped the Russia-Ukraine War

Database Protection, Vulnerabilities /

Three Years of Cyber Warfare: How Digital Attacks Have Shaped the Russia-Ukraine War 2025-02-21 at 00:01 By As the third anniversary of the start of the Russia-Ukraine war approaches, Trustwave SpiderLabs created a series of blog posts to look back, reflect upon, and explain how this 21st Century war is being fought not just on

React to this headline:

Loading spinner

Three Years of Cyber Warfare: How Digital Attacks Have Shaped the Russia-Ukraine War Read More »

Atlassian Patches Critical Vulnerabilities in Confluence, Crowd

Atlassian, patch, Vulnerabilities, vulnerability /

Atlassian Patches Critical Vulnerabilities in Confluence, Crowd 2025-02-20 at 15:40 By Ionut Arghire Atlassian has released patches for 12 critical- and high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd, and Jira. The post Atlassian Patches Critical Vulnerabilities in Confluence, Crowd appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

Atlassian Patches Critical Vulnerabilities in Confluence, Crowd Read More »

PoC Exploit Published for Critical Ivanti EPM Vulnerabilities

Ivanti, PoC, Vulnerabilities, vulnerability /

PoC Exploit Published for Critical Ivanti EPM Vulnerabilities 2025-02-20 at 13:47 By Ionut Arghire Proof-of-concept (PoC) code and technical details on four critical-severity Ivanti EPM vulnerabilities are now available. The post PoC Exploit Published for Critical Ivanti EPM Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

PoC Exploit Published for Critical Ivanti EPM Vulnerabilities Read More »

Microsoft Patches Exploited Power Pages Vulnerability

exploited, Featured, Microsoft, Power Pages, Vulnerabilities /

Microsoft Patches Exploited Power Pages Vulnerability 2025-02-20 at 12:49 By Eduard Kovacs Microsoft has patched CVE-2025-24989, a Power Pages privilege escalation vulnerability that has been exploited in attacks. The post Microsoft Patches Exploited Power Pages Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Microsoft Patches Exploited Power Pages Vulnerability Read More »

OpenSSH Patches Vulnerabilities Allowing MitM, DoS Attacks

DoS, MITM, OpenSSH, Vulnerabilities /

OpenSSH Patches Vulnerabilities Allowing MitM, DoS Attacks 2025-02-19 at 15:41 By Ionut Arghire The latest OpenSSH update patches two vulnerabilities, including one that enabled MitM attacks with no user interaction. The post OpenSSH Patches Vulnerabilities Allowing MitM, DoS Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

OpenSSH Patches Vulnerabilities Allowing MitM, DoS Attacks Read More »

Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities

Chrome, Firefox, Vulnerabilities, vulnerability /

Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities 2025-02-19 at 15:01 By Ionut Arghire Google and Mozilla resolve high-severity memory safety vulnerabilities with the latest Chrome and Firefox security updates. The post Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities Read More »

The Rise of Email Marketing Platforms for Business Email Compromise Attacks

email security, Emerging Threats, Vulnerabilities /

The Rise of Email Marketing Platforms for Business Email Compromise Attacks 2025-02-18 at 21:49 By Maria Katrina Udquin In a statistical report published in September 2024 by the Federal Bureau of Investigation (FBI), it was revealed that more than US$55 billion was lost to business email compromise (BEC) attacks between October 2013 and December 2023. This profitability

React to this headline:

Loading spinner

The Rise of Email Marketing Platforms for Business Email Compromise Attacks Read More »

Critical Vulnerability Patched in Juniper Session Smart Router

Juniper, Vulnerabilities, vulnerability /

Critical Vulnerability Patched in Juniper Session Smart Router 2025-02-18 at 15:34 By Eduard Kovacs A critical vulnerability tracked as CVE-2025-21589 has been patched in Juniper Networks’ Session Smart Router. The post Critical Vulnerability Patched in Juniper Session Smart Router appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

Critical Vulnerability Patched in Juniper Session Smart Router Read More »

Palo Alto Networks Confirms Exploitation of Firewall Vulnerability

exploited, Featured, firewall, Palo Alto Networks, Vulnerabilities /

Palo Alto Networks Confirms Exploitation of Firewall Vulnerability 2025-02-18 at 13:20 By Eduard Kovacs Palo Alto Networks has confirmed that a recently patched firewall vulnerability tracked as CVE-2025-0108 is being actively exploited. The post Palo Alto Networks Confirms Exploitation of Firewall Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Palo Alto Networks Confirms Exploitation of Firewall Vulnerability Read More »

Xerox Versalink Printer Vulnerabilities Enable Lateral Movement

Endpoint Security, printer, Vulnerabilities, vulnerability, Xerox /

Xerox Versalink Printer Vulnerabilities Enable Lateral Movement 2025-02-17 at 13:03 By Ionut Arghire Xerox released security updates to resolve pass-back attack vulnerabilities in Versalink multifunction printers. The post Xerox Versalink Printer Vulnerabilities Enable Lateral Movement appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Xerox Versalink Printer Vulnerabilities Enable Lateral Movement Read More »

Meta Paid Out Over $2.3 Million in Bug Bounties in 2024

bug bounty program, Meta, Vulnerabilities /

Meta Paid Out Over $2.3 Million in Bug Bounties in 2024 2025-02-14 at 15:37 By Ionut Arghire Meta received close to 10,000 vulnerability reports and paid out over $2.3 million in bug bounty rewards in 2024. The post Meta Paid Out Over $2.3 Million in Bug Bounties in 2024 appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Meta Paid Out Over $2.3 Million in Bug Bounties in 2024 Read More »

SonicWall Firewall Vulnerability Exploited After PoC Publication

exploited, firewall, SonicWall, Vulnerabilities, vulnerability /

SonicWall Firewall Vulnerability Exploited After PoC Publication 2025-02-14 at 14:36 By Ionut Arghire The exploitation of a recent SonicWall vulnerability has started shortly after proof-of-concept (PoC) code was published. The post SonicWall Firewall Vulnerability Exploited After PoC Publication appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this

React to this headline:

Loading spinner

SonicWall Firewall Vulnerability Exploited After PoC Publication Read More »

New Windows Zero-Day Exploited by Chinese APT: Security Firm

China, exploited, Mustang Panda, Vulnerabilities, Windows, Zero-Day /

New Windows Zero-Day Exploited by Chinese APT: Security Firm 2025-02-14 at 13:52 By Eduard Kovacs ClearSky Cyber Security says it has seen a new Windows zero-day being exploited by a Chinese APT named Mustang Panda.  The post New Windows Zero-Day Exploited by Chinese APT: Security Firm appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

New Windows Zero-Day Exploited by Chinese APT: Security Firm Read More »

Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure

exploited, firewall, Palo Alto Networks, Vulnerabilities /

Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure 2025-02-14 at 13:24 By Eduard Kovacs Attempts to exploit CVE-2024-0108, an authentication bypass vulnerability in Palo Alto firewalls, started one day after disclosure.  The post Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure Read More »

Scroll to Top