Vulnerabilities

$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits

2025-12-12 at 09:51, by Eduard Kovacs (SecurityWeek). Participants earned rewards at the hacking competition for Grafana, Linux Kernel, Redis, MariaDB, and PostgreSQL vulnerabilities.

Extortion-as-a-Service: The Latest Threat Actor Criminal Ecosystem

2025-12-11 at 16:26, by Serhii Melnyk. For centuries, threat actors, both cyber and physical, have understood the benefits of using extortion to further their criminal activities. This has led some cyber threat groups to create Extortion-as-a-Service (EaaS) businesses. These are a formalized way for cybercriminals to offer extortion

Unpatched Gogs Zero-Day Exploited for Months

2025-12-11 at 14:54, by Ionut Arghire (SecurityWeek). The exploited flaw allows attackers to overwrite files outside the repository, leading to remote code execution.

Google Patches Mysterious Chrome Zero-Day Exploited in the Wild

2025-12-11 at 09:49, by Eduard Kovacs (SecurityWeek). The Chrome zero-day does not have a CVE and it’s unclear who reported it and which browser component it affects.

Fortinet Patches Critical Authentication Bypass Vulnerabilities

2025-12-10 at 15:18, by Ionut Arghire (SecurityWeek). The two security defects impact FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO login authentication enabled.

Ivanti EPM Update Patches Critical Remote Code Execution Flaw

2025-12-10 at 14:39, by Ionut Arghire (SecurityWeek). The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges.

SAP Patches Critical Vulnerabilities With December 2025 Security Updates

2025-12-10 at 14:39, by Ionut Arghire (SecurityWeek). Affecting Solution Manager, Commerce Cloud, and jConnect SDK, the bugs could lead to code injection and remote code execution.

Microsoft Patches 57 Vulnerabilities, Three Zero-Days

2025-12-10 at 00:44, by Ionut Arghire (SecurityWeek). Microsoft has addressed a Windows vulnerability exploited as zero-day that allows attackers to obtain System privileges.

Adobe Patches Nearly 140 Vulnerabilities

2025-12-10 at 00:44, by Ionut Arghire (SecurityWeek). The Experience Manager security update resolves 117 vulnerabilities, including 116 identified as cross-site scripting (XSS) bugs.

Critical Apache Tika Vulnerability Leads to XXE Injection

2025-12-08 at 13:58, by Ionut Arghire (SecurityWeek). The bug allows attackers to carry out XML External Entity (XXE) injection attacks via crafted XFA files inside PDF files.

Exploitation of React2Shell Surges

2025-12-08 at 12:00, by Eduard Kovacs (SecurityWeek). An increasing number of threat actors have been attempting to exploit the React vulnerability CVE-2025-55182 in their attacks.

Chinese Hackers Exploiting React2Shell Vulnerability

2025-12-05 at 10:30, by Eduard Kovacs (SecurityWeek). AWS has seen multiple China-linked threat groups attempting to exploit the React vulnerability CVE-2025-55182.

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

2025-12-04 at 12:11, by Eduard Kovacs (SecurityWeek). A researcher has pointed out that only instances using a newer feature are impacted by CVE-2025-55182.

SpiderLabs Ransomware Tracker Update November 2025: Qilin, Cl0p, and Akira Vie for Top Attacker

2025-12-03 at 16:04 By Trustwave SpiderLabs ransomware tracker noted a slight dip in the overall number of attacks that took place in November 2025, but the research team saw the threat group Cl0p surge, conducting 98 attacks during the month, up

Sha1-Hulud: The Second Coming of The New npm GitHub Worm

2025-12-03 at 16:04, by Karl Sigler. Sha1-Hulud is back with a new evolution of its supply-chain attack that targets development environments via Node Package Manager (npm). npm is a very popular package manager for Node.js that provides millions of predeveloped packages of code to be

Critical King Addons Vulnerability Exploited to Hack WordPress Sites

2025-12-03 at 15:39, by Ionut Arghire (SecurityWeek). A critical-severity vulnerability in the King Addons for Elementor plugin for WordPress has been exploited to take over websites.

Microsoft Silently Mitigated Exploited LNK Vulnerability

2025-12-03 at 14:35, by Ionut Arghire (SecurityWeek). Windows now displays in the properties tab of LNK files critical information that could reveal malicious code.

Chrome 143 Patches High-Severity Vulnerabilities

2025-12-03 at 10:52, by Ionut Arghire (SecurityWeek). Chrome 143 stable was released with patches for 13 vulnerabilities, including a high-severity flaw in the V8 JavaScript engine.
