Vulnerabilities

Tackling the Modern WAF Challenge: Why Managed WAAP Is the Key to Effective Application Security

2025-10-09 at 16:42

Organizations today face a continuous struggle to secure their web applications against threats that constantly evolve in the fast-paced digital landscape. The Web Application Firewall (WAF) serves as a primary line of defense against these threats; […]

Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching

2025-10-08 at 10:57, by Eduard Kovacs

Hundreds of internet-exposed Oracle E-Business Suite instances may still be vulnerable to attacks. The post Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks

2025-10-07 at 12:40, by Ionut Arghire

The Medusa ransomware operators exploited the GoAnywhere MFT vulnerability one week before patches were released. The post Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn

2025-10-07 at 11:43, by Eduard Kovacs

The Year 2036/2038 problem is a bug that will be triggered in more than a decade, but hackers could exploit it today against ICS and consumer devices. The post The Y2K38 Bug Is a Vulnerability, Not

Manufacturing: Executives Voice Cyberattack Readiness Concerns

2025-10-06 at 17:12

Manufacturing executives recently surveyed by LevelBlue expressed a deep concern that emerging attack methods, such as deepfakes and AI-powered attacks, will take place just as often as more traditional attacks. This article is an excerpt from Trustwave Blog.

Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk

2025-10-06 at 17:12, by Ionut Arghire

The flaw could lead to local code execution, allowing attackers to access confidential information on devices running Unity-built applications. The post Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk appeared first on SecurityWeek.

Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks

2025-10-06 at 11:41, by Eduard Kovacs

Oracle has informed customers that it has patched a critical remote code execution vulnerability tracked as CVE-2025-61882. The post Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Notepad++ DLL Hijacking (CVE-2025-56383): CVSS 8.4 or CVSS 0.0?

2025-10-04 at 01:35

A vulnerability on a popular source-code editor has been recently released along with a proof-of-concept (POC) exploit, but the security community isn’t so sure that it’s a legitimate flaw. This article is an excerpt from SpiderLabs Blog.

Unauthenticated RCE Flaw Patched in DrayTek Routers

2025-10-03 at 14:45, by Ionut Arghire

The security defect can be exploited remotely via crafted HTTP/S requests to a vulnerable device’s web user interface. The post Unauthenticated RCE Flaw Patched in DrayTek Routers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Organizations Warned of Exploited Meteobridge Vulnerability

2025-10-03 at 13:49, by Ionut Arghire

Patched in mid-May, the security defect allows remote unauthenticated attackers to execute arbitrary commands with root privileges. The post Organizations Warned of Exploited Meteobridge Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities

2025-10-03 at 11:44, by Ionut Arghire

High-severity flaws were patched in Chrome’s WebGPU and Video components, and in Firefox’s Graphics and JavaScript Engine components. The post Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

LevelBlue Managed WAAP Enables Organizations to Solve Day 1 WAAP Implementation Challenges

2025-10-02 at 16:09

Deploying Web Application and API Protection (WAAP) systems is crucial for bolstering cybersecurity defenses. Akamai reported 108 billion API attacks over an 18-month period, underscoring the value of APIs to cybercriminals. Like any new security measure, the initial deployment

OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks

2025-10-01 at 17:08, by Eduard Kovacs

Three vulnerabilities have been patched with the release of OpenSSL updates. The post OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability

2025-10-01 at 13:36, by Ionut Arghire

Impacting VMware Aria Operations and VMware Tools, the flaw can be exploited to elevate privileges on the VM. The post Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

SpiderLabs Ransomware Tracker Update September 2025: Qilin, Akira Top Ransomware Attackers

2025-09-30 at 16:00

The threat groups Qilin and Akira together conducted about one-quarter of the 402 ransomware attacks tracked by Trustwave SpiderLabs in September, with the manufacturing and technology sectors receiving the brunt of these efforts. This article is an excerpt from Trustwave

From Folding to Folded: Hacking High Volume Mailer Machines

2025-09-30 at 16:00, by John Jackson

The Quadient DS-700iQ is a high-volume folder-inserter machine designed for automating the process of assembling, folding, and inserting mail into envelopes for large mailing operations. It features a modular design that can handle complex mailing jobs, supports multiple feeders and

High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter 

2025-09-30 at 14:33, by Ionut Arghire

The flaws could allow attackers to escalate privileges, manipulate notifications, and enumerate usernames. The post High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Shades of Red: Redefining the Use of Red Flags in Cybersecurity and Insurance

2025-09-29 at 16:42, by William Evers, Mudit Singhania, Scott Swanson

In cybersecurity, several related but divergent meanings have been ascribed to the phrase “red flags”. This article is an excerpt from Trustwave Blog.

REDCap: Multiple Cross-Site Scripting (XSS) Vulnerabilities

2025-09-26 at 20:23, by Harold Zang

REDCap, developed by Vanderbilt University, is a secure platform designed for data collection in research studies and operations. This article is an excerpt from SpiderLabs Blog.

Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day

2025-09-26 at 14:50, by Ionut Arghire

Eight days before patches, a threat actor exploited CVE-2025-10035 as a zero-day to create a backdoor admin account. The post Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.
