Vulnerabilities

Fresh MongoDB Vulnerability Exploited in Attacks

2025-12-29 at 12:02. By Ionut Arghire. Dubbed MongoBleed, the high-severity flaw allows unauthenticated, remote attackers to leak sensitive information from MongoDB servers. Source: SecurityWeek.


LevelBlue Predictions 2026: The Never Ending Story Evolving Threats and Adversary Tactics

2025-12-23 at 17:02. As 2025 closes and we look toward 2026, the cybersecurity industry is bracing for radical changes that go beyond just intensifying existing problems. Source: LevelBlue Blog.


WatchGuard Patches Firebox Zero-Day Exploited in the Wild

2025-12-22 at 15:09. By Ionut Arghire. The critical-severity bug in the Fireware OS’s iked process leads to unauthenticated remote code execution. Source: SecurityWeek.


HPE Patches Critical Flaw in IT Infrastructure Management Software

2025-12-18 at 17:42. By Ionut Arghire. Tracked as CVE-2025-37164, the critical flaw could allow unauthenticated, remote attackers to execute arbitrary code. Source: SecurityWeek.


CISA Warns of Exploited Flaw in Asus Update Tool

2025-12-18 at 15:37. By Ionut Arghire. Tracked as CVE-2025-59374, the issue is a software backdoor implanted in Asus Live Update in a supply chain attack. Source: SecurityWeek.


SonicWall Patches Exploited SMA 1000 Zero-Day

2025-12-18 at 11:29. By Ionut Arghire. The medium-severity flaw has been exploited in combination with a critical bug for remote code execution. Source: SecurityWeek.


China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear

2025-12-18 at 09:18. By Eduard Kovacs. The critical zero-day is tracked as CVE-2025-20393 and it impacts Secure Email Gateway and Secure Email and Web Manager appliances. Source: SecurityWeek.


Dux Emerges From Stealth Mode With $9 Million in Funding

2025-12-17 at 09:24. By Ionut Arghire. The startup takes an agentic approach to preventing vulnerability exploitation by uncovering exposure across assets. Source: SecurityWeek.


From Open Source to OpenAI: The Evolution of Third-Party Risk

2025-12-16 at 20:15. By Nadir Izrael. From open source libraries to AI-powered coding assistants, speed-driven development is introducing new third-party risks that threat actors are increasingly exploiting. Source: SecurityWeek.


LevelBlue and Tenable Introduce Unlimited Enterprise-Grade Vulnerability Scanning in USM Platform at No Additional Cost

2025-12-16 at 17:05. LevelBlue is redefining what clients and partners can expect from a managed security provider. Source: LevelBlue Blog.


JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover

2025-12-16 at 13:45. By Ionut Arghire. The issue allows attackers to write arbitrary data to any file, or delete arbitrary files to obtain System privileges. Source: SecurityWeek.


In-the-Wild Exploitation of Fresh Fortinet Flaws Begins

2025-12-16 at 11:38. By Ionut Arghire. Threat actors are exploiting the two critical authentication bypass vulnerabilities against FortiGate appliances. Source: SecurityWeek.


Threat Intelligence News from LevelBlue SpiderLabs December 2025

2025-12-15 at 13:48. LevelBlue SpiderLabs is the threat intelligence unit of LevelBlue and includes a global team of threat researchers and data scientists who, combined with proprietary technology in data analytics and machine learning (ML), analyze one of the largest and most diverse collections of threat


Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw

2025-12-15 at 13:22. By Eduard Kovacs. Apple has released macOS and iOS updates to patch two WebKit zero-days exploited in an “extremely sophisticated” attack. Source: SecurityWeek.


Gladinet CentreStack Flaw Exploited to Hack Organizations

2025-12-12 at 16:02. By Ionut Arghire. Threat actors have hacked at least nine organizations by exploiting the recently patched Gladinet CentreStack flaw. Source: SecurityWeek.


Recent GeoServer Vulnerability Exploited in Attacks

2025-12-12 at 15:31. By Ionut Arghire. Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request. Source: SecurityWeek.


MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities

2025-12-12 at 14:04. By Ionut Arghire. XSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it to top 25.


Microsoft Bug Bounty Program Expanded to Third-Party Code

2025-12-12 at 13:01. By Ionut Arghire. All critical vulnerabilities in Microsoft, third-party, and open source code are eligible for rewards if they impact Microsoft services. Source: SecurityWeek.

