Vulnerabilities

Critical Dolby Vulnerability Patched in Android

Critical Dolby Vulnerability Patched in Android 2026-01-06 at 15:59 By Eduard Kovacs The flaw is tracked as CVE-2025-54957 and its existence came to light in October 2025 after it was discovered by Google researchers. The post Critical Dolby Vulnerability Patched in Android appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original […]

Critical Dolby Vulnerability Patched in Android Read More »

CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries

CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries 2026-01-05 at 17:15 By Ionut Arghire With 24 new vulnerabilities known to be exploited by ransomware groups, the list now includes 1,484 software and hardware flaws. The post CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries appeared first on SecurityWeek. This article is

CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries Read More »

Researcher Spotlights WhatsApp Metadata Leak as Meta Begins Rolling Out Fixes

Researcher Spotlights WhatsApp Metadata Leak as Meta Begins Rolling Out Fixes 2026-01-05 at 14:18 By Eduard Kovacs WhatsApp device fingerprinting can be useful in the delivery of sophisticated spyware, but impact is very limited without a zero-day. The post Researcher Spotlights WhatsApp Metadata Leak as Meta Begins Rolling Out Fixes appeared first on SecurityWeek. This

Researcher Spotlights WhatsApp Metadata Leak as Meta Begins Rolling Out Fixes Read More »

Adobe ColdFusion Servers Targeted in Coordinated Campaign

Adobe ColdFusion Servers Targeted in Coordinated Campaign 2026-01-02 at 14:42 By Ionut Arghire GreyNoise has observed thousands of requests targeting a dozen vulnerabilities in Adobe ColdFusion during the Christmas 2025 holiday. The post Adobe ColdFusion Servers Targeted in Coordinated Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Adobe ColdFusion Servers Targeted in Coordinated Campaign Read More »

LevelBlue SpiderLabs: Ransomware Attacks Up 17% in 2025

LevelBlue SpiderLabs: Ransomware Attacks Up 17% in 2025 2025-12-30 at 17:07 By Global Ransomware Surges in 2025: Total ransomware attacks rose by 17.2% year-over-year, with LevelBlue SpiderLabs tracking approximately 7,400 incidents compared to 6,017 in 2024. Qilin and Akira Lead the Threat Landscape: Following the disappearance of Ransomhub and the disruption of Lockbit3, Qilin emerged

LevelBlue SpiderLabs: Ransomware Attacks Up 17% in 2025 Read More »

Fortinet Warns of New Attacks Exploiting Old Vulnerability

Fortinet Warns of New Attacks Exploiting Old Vulnerability 2025-12-29 at 15:05 By Ionut Arghire Tracked as CVE-2020-12812, the exploited FortiOS flaw allows threat actors to bypass two-factor authentication. The post Fortinet Warns of New Attacks Exploiting Old Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Fortinet Warns of New Attacks Exploiting Old Vulnerability Read More »

Fresh MongoDB Vulnerability Exploited in Attacks

Fresh MongoDB Vulnerability Exploited in Attacks 2025-12-29 at 12:02 By Ionut Arghire Dubbed MongoBleed, the high-severity flaw allows unauthenticated, remote attackers to leak sensitive information from MongoDB servers. The post Fresh MongoDB Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Fresh MongoDB Vulnerability Exploited in Attacks Read More »

LevelBlue Predictions 2026: The Never Ending Story Evolving Threats and Adversary Tactics

LevelBlue Predictions 2026: The Never Ending Story Evolving Threats and Adversary Tactics 2025-12-23 at 17:02 By As 2025 closes and we look toward 2026, the cybersecurity industry is bracing for radical changes that go beyond just intensifying existing problems. This article is an excerpt from LevelBlue Blog View Original Source

LevelBlue Predictions 2026: The Never Ending Story Evolving Threats and Adversary Tactics Read More »

WatchGuard Patches Firebox Zero-Day Exploited in the Wild

WatchGuard Patches Firebox Zero-Day Exploited in the Wild 2025-12-22 at 15:09 By Ionut Arghire The critical-severity bug in the Fireware OS’s iked process leads to unauthenticated remote code execution. The post WatchGuard Patches Firebox Zero-Day Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

WatchGuard Patches Firebox Zero-Day Exploited in the Wild Read More »

HPE Patches Critical Flaw in IT Infrastructure Management Software

HPE Patches Critical Flaw in IT Infrastructure Management Software 2025-12-18 at 17:42 By Ionut Arghire Tracked as CVE-2025-37164, the critical flaw could allow unauthenticated, remote attackers to execute arbitrary code. The post HPE Patches Critical Flaw in IT Infrastructure Management Software appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

HPE Patches Critical Flaw in IT Infrastructure Management Software Read More »

CISA Warns of Exploited Flaw in Asus Update Tool

CISA Warns of Exploited Flaw in Asus Update Tool 2025-12-18 at 15:37 By Ionut Arghire Tracked as CVE-2025-59374, the issue is a software backdoor implanted in Asus Live Update in a supply chain attack. The post CISA Warns of Exploited Flaw in Asus Update Tool appeared first on SecurityWeek. This article is an excerpt from

CISA Warns of Exploited Flaw in Asus Update Tool Read More »

SonicWall Patches Exploited SMA 1000 Zero-Day

SonicWall Patches Exploited SMA 1000 Zero-Day 2025-12-18 at 11:29 By Ionut Arghire The medium-severity flaw has been exploited in combination with a critical bug for remote code execution. The post SonicWall Patches Exploited SMA 1000 Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

SonicWall Patches Exploited SMA 1000 Zero-Day Read More »

China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear

China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear 2025-12-18 at 09:18 By Eduard Kovacs The critical zero-day is tracked as CVE-2025-20393 and it impacts Secure Email Gateway and Secure Email and Web Manager appliances. The post China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear Read More »

Dux Emerges From Stealth Mode With $9 Million in Funding

Dux Emerges From Stealth Mode With $9 Million in Funding 2025-12-17 at 09:24 By Ionut Arghire The startup takes an agentic approach to preventing vulnerability exploitation by uncovering exposure across assets. The post Dux Emerges From Stealth Mode With $9 Million in Funding appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Dux Emerges From Stealth Mode With $9 Million in Funding Read More »

From Open Source to OpenAI: The Evolution of Third-Party Risk

From Open Source to OpenAI: The Evolution of Third-Party Risk 2025-12-16 at 20:15 By Nadir Izrael From open source libraries to AI-powered coding assistants, speed-driven development is introducing new third-party risks that threat actors are increasingly exploiting. The post From Open Source to OpenAI: The Evolution of Third-Party Risk appeared first on SecurityWeek. This article

From Open Source to OpenAI: The Evolution of Third-Party Risk Read More »

LevelBlue and Tenable Introduce Unlimited Enterprise-Grade Vulnerability Scanning in USM Platform at No Additional Cost

LevelBlue and Tenable Introduce Unlimited Enterprise-Grade Vulnerability Scanning in USM Platform at No Additional Cost 2025-12-16 at 17:05 By LevelBlue is redefining what clients and partners can expect from a managed security provider.  This article is an excerpt from LevelBlue Blog View Original Source

LevelBlue and Tenable Introduce Unlimited Enterprise-Grade Vulnerability Scanning in USM Platform at No Additional Cost Read More »

JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover

JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover 2025-12-16 at 13:45 By Ionut Arghire The issue allows attackers to write arbitrary data to any file, or delete arbitrary files to obtain System privileges. The post JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover appeared first on SecurityWeek. This article is an excerpt from

JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover Read More »

In-the-Wild Exploitation of Fresh Fortinet Flaws Begins

In-the-Wild Exploitation of Fresh Fortinet Flaws Begins 2025-12-16 at 11:38 By Ionut Arghire Threat actors are exploiting the two critical authentication bypass vulnerabilities against FortiGate appliances. The post In-the-Wild Exploitation of Fresh Fortinet Flaws Begins appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

In-the-Wild Exploitation of Fresh Fortinet Flaws Begins Read More »

Threat Intelligence News from LevelBlue SpiderLabs December 2025

Threat Intelligence News from LevelBlue SpiderLabs December 2025 2025-12-15 at 13:48 By LevelBlue SpiderLabs is the threat intelligence unit of LevelBlue and includes a global team of threat researchers and data scientists who, combined with proprietary technology in data analytics and machine learning (ML), analyze one of the largest and most diverse collections of threat

Threat Intelligence News from LevelBlue SpiderLabs December 2025 Read More »

Scroll to Top