Vulnerabilities

Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky

2025-03-26 at 00:38 By Ryan Naraine

The vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks in Russia. The post Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky appeared first on SecurityWeek.

VMware Patches Authentication Bypass Flaw in Windows Tools Suite

2025-03-25 at 17:07 By SecurityWeek News

The authentication bypass vulnerability, tagged as CVE-2025-22230, carries a CVSS severity score of 7.8/10. The post VMware Patches Authentication Bypass Flaw in Windows Tools Suite appeared first on SecurityWeek.

IngressNightmare Flaws Expose Many Kubernetes Clusters to Remote Hacking

2025-03-25 at 12:17 By Eduard Kovacs

Critical remote code execution vulnerabilities found by Wiz researchers in Ingress NGINX Controller for Kubernetes. The post IngressNightmare Flaws Expose Many Kubernetes Clusters to Remote Hacking appeared first on SecurityWeek.

NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD

2025-03-24 at 18:21 By Ryan Naraine

The effects of the backlog are already being felt in vulnerability management circles where NVD data promises an enriched source of truth. The post NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD appeared first on SecurityWeek.

Russian Firm Offers $4 Million for Telegram Exploits

2025-03-24 at 17:19 By Ionut Arghire

A Russian exploit acquisition firm says it is willing to pay up to $4 million for full-chain exploits targeting the popular messaging service Telegram. The firm, Operation Zero, is known for selling zero-day exploits exclusively to Russian government and private organizations.

In Other News: Critical Chrome Bug, Capital One Hacker Resentencing, Story of Expat Flaw

2025-03-21 at 17:48 By SecurityWeek News

Noteworthy stories that might have slipped under the radar: Capital One hacker’s sentence reversed, Google patches critical Chrome vulnerability, the story of an Expat flaw.

The Energy Industry’s Hidden Risks: Espionage, Sabotage, and Insider Threats

2025-03-21 at 15:07

With subject matter expertise and presence across the globe, RMI Global Solutions are recognized by the oil & gas, and broader energy industry on and offshore, as experts in the threats and risks that face the spectrum of this key industry

Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster – Part 2

2025-03-20 at 18:47 By Karl Biron

In Part 1 of Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster, we uncovered the dangers of running Elasticsearch with X-Pack disabled and thus, highlighting the ease with which attackers

CISA Warns of Exploited Nakivo Vulnerability

2025-03-20 at 17:35 By Ionut Arghire

CISA has added an absolute path traversal bug in Nakivo Backup and Replication to its Known Exploited Vulnerabilities list. The post CISA Warns of Exploited Nakivo Vulnerability appeared first on SecurityWeek.

Veeam Patches Critical Vulnerability in Backup & Replication

2025-03-20 at 15:11 By Ionut Arghire

Veeam has released patches for a critical-severity remote code execution vulnerability in Backup & Replication. The post Veeam Patches Critical Vulnerability in Backup & Replication appeared first on SecurityWeek.

Hackers Target Cisco Smart Licensing Utility Vulnerabilities

2025-03-20 at 13:46 By Eduard Kovacs

SANS is seeing attempts to exploit two critical Cisco Smart Licensing Utility vulnerabilities tracked as CVE-2024-20439 and CVE-2024-20440. The post Hackers Target Cisco Smart Licensing Utility Vulnerabilities appeared first on SecurityWeek.

Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster – Part 1

2025-03-19 at 21:19 By Karl Biron

Picture this: an always-awake, never-tired, high-speed librarian that instantly finds the exact information you need from a massive collection of books. This extraordinary librarian is also capable of processing millions of requests simultaneously, understands

8,000 New WordPress Vulnerabilities Reported in 2024

2025-03-17 at 18:14 By Ionut Arghire

Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes. The post 8,000 New WordPress Vulnerabilities Reported in 2024 appeared first on SecurityWeek.

Nvidia Riva Vulnerabilities Allow Unauthorized Use of AI Services

2025-03-17 at 13:16 By Eduard Kovacs

Vulnerabilities in Nvidia Riva could allow hackers to abuse speech and translation AI services that are typically expensive. The post Nvidia Riva Vulnerabilities Allow Unauthorized Use of AI Services appeared first on SecurityWeek.

FreeType Zero-Day Being Exploited in the Wild

2025-03-13 at 19:24 By Ryan Naraine

Meta’s Facebook security team warns of live exploitation of a zero-day vulnerability in the open-source FreeType library. The post FreeType Zero-Day Being Exploited in the Wild appeared first on SecurityWeek.

Cisco Patches 10 Vulnerabilities in IOS XR

2025-03-13 at 18:02 By Ionut Arghire

Cisco has released patches for 10 vulnerabilities in IOS XR, including five denial-of-service (DoS) bugs. The post Cisco Patches 10 Vulnerabilities in IOS XR appeared first on SecurityWeek.

Challenges for Australian Manufacturers: Insights from the 2025 Trustwave Risk Radar Report

2025-03-13 at 17:48

The Trustwave SpiderLabs research 2025 Trustwave Risk Radar Report: Manufacturing Sector takes a global view of the cybersecurity issues facing this vertical, but it’s also important to examine how and if different regions are specifically impacted.

Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution

2025-03-13 at 13:49 By Matias Madou

Organizations can align their processes with one of two global industry standards for self-assessment and security maturity: BSIMM and OWASP SAMM.

How Managed Database Security Enhances Compliance, Privacy, and Threat Defense for the Financial Services Sector

2025-03-12 at 20:17

Proactive Threat Defense for Financial Institutions: Trustwave’s DbProtect actively identifies sensitive data locations and analyzes potential threat vectors, enabling immediate security measures like enhanced access controls and vulnerability prioritization. Advanced Offensive Security Measures: Trustwave’s offensive security

Resurgence of a Fake Captcha Malware Campaign

2025-03-12 at 19:06 By Reegun Jayapaul

During an Advanced Continual Threat Hunt (ACTH) investigation in early February 2025, Trustwave SpiderLabs discovered a resurgence of fake CAPTCHA verifications designed to deceive victims into executing malicious PowerShell scripts. This campaign employs a multi-stage PowerShell execution process, ultimately delivering infostealers such as Lumma and
