Vulnerabilities

Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw

Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw 2025-12-15 at 13:22 By Eduard Kovacs Apple has released macOS and iOS updates to patch two WebKit zero-days exploited in an “extremely sophisticated” attack. The post Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw appeared first on SecurityWeek. This article is an excerpt […]

Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw Read More »

Gladinet CentreStack Flaw Exploited to Hack Organizations

Gladinet CentreStack Flaw Exploited to Hack Organizations 2025-12-12 at 16:02 By Ionut Arghire Threat actors have hacked at least nine organizations by exploiting the recently patched Gladinet CentreStack flaw. The post Gladinet CentreStack Flaw Exploited to Hack Organizations appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Gladinet CentreStack Flaw Exploited to Hack Organizations Read More »

Recent GeoServer Vulnerability Exploited in Attacks

Recent GeoServer Vulnerability Exploited in Attacks 2025-12-12 at 15:31 By Ionut Arghire Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request. The post Recent GeoServer Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Recent GeoServer Vulnerability Exploited in Attacks Read More »

MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities

MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities 2025-12-12 at 14:04 By Ionut Arghire XSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it to top 25. The post MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities appeared

MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities Read More »

Microsoft Bug Bounty Program Expanded to Third-Party Code

Microsoft Bug Bounty Program Expanded to Third-Party Code 2025-12-12 at 13:01 By Ionut Arghire All critical vulnerabilities in Microsoft, third-party, and open source code are eligible for rewards if they impact Microsoft services. The post Microsoft Bug Bounty Program Expanded to Third-Party Code appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Microsoft Bug Bounty Program Expanded to Third-Party Code Read More »

$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits

$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits 2025-12-12 at 09:51 By Eduard Kovacs Participants earned rewards at the hacking competition for Grafana, Linux Kernel, Redis, MariaDB, and PostgreSQL vulnerabilities. The post $320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits Read More »

Extortion-as-a-Service: The Latest Threat Actor Criminal Ecosystem

Extortion-as-a-Service: The Latest Threat Actor Criminal Ecosystem 2025-12-11 at 16:26 By Serhii Melnyk For centuries, threat actors, both cyber and physical, have understood the benefits of using extortion to further their criminal activities. This has led some cyber threat groups to create Extortion-as-a-Service (EaaS) businesses. These are a formalized way for cybercriminals to offer extortion

Extortion-as-a-Service: The Latest Threat Actor Criminal Ecosystem Read More »

Unpatched Gogs Zero-Day Exploited for Months

Unpatched Gogs Zero-Day Exploited for Months 2025-12-11 at 14:54 By Ionut Arghire The exploited flaw allows attackers to overwrite files outside the repository, leading to remote code execution. The post Unpatched Gogs Zero-Day Exploited for Months appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Unpatched Gogs Zero-Day Exploited for Months Read More »

Google Patches Mysterious Chrome Zero-Day Exploited in the Wild

Google Patches Mysterious Chrome Zero-Day Exploited in the Wild 2025-12-11 at 09:49 By Eduard Kovacs The Chrome zero-day does not have a CVE and it’s unclear who reported it and which browser component it affects. The post Google Patches Mysterious Chrome Zero-Day Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt

Google Patches Mysterious Chrome Zero-Day Exploited in the Wild Read More »

Fortinet Patches Critical Authentication Bypass Vulnerabilities

Fortinet Patches Critical Authentication Bypass Vulnerabilities 2025-12-10 at 15:18 By Ionut Arghire The two security defects impact FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO login authentication enabled. The post Fortinet Patches Critical Authentication Bypass Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Fortinet Patches Critical Authentication Bypass Vulnerabilities Read More »

Ivanti EPM Update Patches Critical Remote Code Execution Flaw

Ivanti EPM Update Patches Critical Remote Code Execution Flaw 2025-12-10 at 14:39 By Ionut Arghire The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges. The post Ivanti EPM Update Patches Critical Remote Code Execution Flaw appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Ivanti EPM Update Patches Critical Remote Code Execution Flaw Read More »

SAP Patches Critical Vulnerabilities With December 2025 Security Updates

SAP Patches Critical Vulnerabilities With December 2025 Security Updates 2025-12-10 at 14:39 By Ionut Arghire Affecting Solution Manager, Commerce Cloud, and jConnect SDK, the bugs could lead to code injection and remote code execution. The post SAP Patches Critical Vulnerabilities With December 2025 Security Updates appeared first on SecurityWeek. This article is an excerpt from

SAP Patches Critical Vulnerabilities With December 2025 Security Updates Read More »

Microsoft Patches 57 Vulnerabilities, Three Zero-Days

Microsoft Patches 57 Vulnerabilities, Three Zero-Days 2025-12-10 at 00:44 By Ionut Arghire Microsoft has addressed a Windows vulnerability exploited as zero-day that allows attackers to obtain System privileges. The post Microsoft Patches 57 Vulnerabilities, Three Zero-Days appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Microsoft Patches 57 Vulnerabilities, Three Zero-Days Read More »

Adobe Patches Nearly 140 Vulnerabilities

Adobe Patches Nearly 140 Vulnerabilities 2025-12-10 at 00:44 By Ionut Arghire The Experience Manager security update resolves 117 vulnerabilities, including 116 identified as cross-site scripting (XSS) bugs. The post Adobe Patches Nearly 140 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Adobe Patches Nearly 140 Vulnerabilities Read More »

Critical Apache Tika Vulnerability Leads to XXE Injection

Critical Apache Tika Vulnerability Leads to XXE Injection 2025-12-08 at 13:58 By Ionut Arghire The bug allows attackers to carry out XML External Entity (XXE) injection attacks via crafted XFA files inside PDF files. The post Critical Apache Tika Vulnerability Leads to XXE Injection appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Critical Apache Tika Vulnerability Leads to XXE Injection Read More »

Exploitation of React2Shell Surges

Exploitation of React2Shell Surges 2025-12-08 at 12:00 By Eduard Kovacs An increasing number of threat actors have been attempting to exploit the React vulnerability CVE-2025-55182 in their attacks. The post Exploitation of React2Shell Surges appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Exploitation of React2Shell Surges Read More »

Chinese Hackers Exploiting React2Shell Vulnerability

Chinese Hackers Exploiting React2Shell Vulnerability 2025-12-05 at 10:30 By Eduard Kovacs AWS has seen multiple China-linked threat groups attempting to exploit the React vulnerability CVE-2025-55182. The post Chinese Hackers Exploiting React2Shell Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chinese Hackers Exploiting React2Shell Vulnerability Read More »

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability 2025-12-04 at 12:11 By Eduard Kovacs A researcher has pointed out that only instances using a newer feature are impacted by CVE-2025-55182. The post React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability Read More »

Scroll to Top