Vulnerabilities

SpiderLabs Ransomware Tracker Update November 2025: Qlin, Cl0p, and Akira Vie for Top Attacker

SpiderLabs Ransomware Tracker Update November 2025: Qlin, Cl0p, and Akira Vie for Top Attacker 2025-12-03 at 16:04 By Trustwave SpiderLabs ransomware tracker noted a slight dip in the overall number of attacks that took place in November 2025, but the research team saw the threat group Cl0p surge, conducting 98 attacks during the month, up […]

SpiderLabs Ransomware Tracker Update November 2025: Qlin, Cl0p, and Akira Vie for Top Attacker Read More »

Sha1-Hulud: The Second Coming of The New npm GitHub Worm

Sha1-Hulud: The Second Coming of The New npm GitHub Worm 2025-12-03 at 16:04 By Karl Sigler Sha1-Hulud is back with a new evolution of its supply-chain attack that targets development environments via Node Package Manager (npm). npm is a very popular package manager for Node.js that provides millions of predeveloped packages of code to be

Sha1-Hulud: The Second Coming of The New npm GitHub Worm Read More »

Critical King Addons Vulnerability Exploited to Hack WordPress Sites

Critical King Addons Vulnerability Exploited to Hack WordPress Sites 2025-12-03 at 15:39 By Ionut Arghire A critical-severity vulnerability in the King Addons for Elementor plugin for WordPress has been exploited to take over websites. The post Critical King Addons Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek. This article is an excerpt from

Critical King Addons Vulnerability Exploited to Hack WordPress Sites Read More »

Microsoft Silently Mitigated Exploited LNK Vulnerability

Microsoft Silently Mitigated Exploited LNK Vulnerability 2025-12-03 at 14:35 By Ionut Arghire Windows now displays in the properties tab of LNK files critical information that could reveal malicious code. The post Microsoft Silently Mitigated Exploited LNK Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Microsoft Silently Mitigated Exploited LNK Vulnerability Read More »

Chrome 143 Patches High-Severity Vulnerabilities

Chrome 143 Patches High-Severity Vulnerabilities 2025-12-03 at 10:52 By Ionut Arghire Chrome 143 stable was released with patches for 13 vulnerabilities, including a high-severity flaw in the V8 JavaScript engine. The post Chrome 143 Patches High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chrome 143 Patches High-Severity Vulnerabilities Read More »

Android’s December 2025 Updates Patch Two Zero-Days

Android’s December 2025 Updates Patch Two Zero-Days 2025-12-02 at 15:15 By Ionut Arghire Google warns that two out of the 107 vulnerabilities patched in Android this month have been exploited in limited, targeted attacks. The post Android’s December 2025 Updates Patch Two Zero-Days appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Android’s December 2025 Updates Patch Two Zero-Days Read More »

CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack

CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack 2025-12-01 at 13:14 By Eduard Kovacs CISA has added CVE-2021-26829 to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack Read More »

Black Friday 2025: Aligning Cyber Resilience and Business Goals to Protect Your Retail Business

Black Friday 2025: Aligning Cyber Resilience and Business Goals to Protect Your Retail Business 2025-11-25 at 17:04 By Black Friday Cyber Threats: As retail sales peak, cybercriminals ramp up attacks, targeting vulnerabilities in retail businesses during the holiday rush. Retailers Under Siege: In 2025, a significant number of retailers, including major brands, experienced increased cyberattacks,

Black Friday 2025: Aligning Cyber Resilience and Business Goals to Protect Your Retail Business Read More »

Fluent Bit Vulnerabilities Expose Cloud Services to Takeover

Fluent Bit Vulnerabilities Expose Cloud Services to Takeover 2025-11-25 at 15:47 By Ionut Arghire Five flaws in the open source tool may lead to path traversal attacks, remote code execution, denial-of-service, and tag manipulation. The post Fluent Bit Vulnerabilities Expose Cloud Services to Takeover appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Fluent Bit Vulnerabilities Expose Cloud Services to Takeover Read More »

CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability

CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability 2025-11-24 at 17:48 By Eduard Kovacs CISA has added CVE-2025-61757 to its Known Exploited Vulnerabilities (KEV) catalog.  The post CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability Read More »

Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day

Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day 2025-11-21 at 15:47 By Eduard Kovacs CVE-2025-61757 is an unauthenticated remote code execution vulnerability affecting Oracle Identity Manager. The post Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day Read More »

SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance

SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance 2025-11-21 at 14:41 By Ionut Arghire The vulnerabilities could be exploited to cause a denial-of-service (DoS) condition, execute arbitrary code, or access arbitrary files and directories. The post SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance appeared first on SecurityWeek. This article is an excerpt

SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance Read More »

SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability

SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability 2025-11-21 at 13:20 By Eduard Kovacs SquareX claims to have found a way to abuse a hidden Comet API to execute local commands, but Perplexity says the research is fake. The post SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability appeared first on SecurityWeek. This

SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability Read More »

Vulnerability Allowed Scraping of 3.5 Billion WhatsApp Accounts

Vulnerability Allowed Scraping of 3.5 Billion WhatsApp Accounts 2025-11-20 at 14:06 By Eduard Kovacs Researchers demonstrated a now-patched vulnerability that could have been used to enumerate all WhatsApp accounts. The post Vulnerability Allowed Scraping of 3.5 Billion WhatsApp Accounts appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Vulnerability Allowed Scraping of 3.5 Billion WhatsApp Accounts Read More »

Recent 7-Zip Vulnerability Exploited in Attacks

Recent 7-Zip Vulnerability Exploited in Attacks 2025-11-20 at 13:09 By Ionut Arghire A proof-of-concept (PoC) exploit targeting the high-severity remote code execution (RCE) bug exists. The post Recent 7-Zip Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Recent 7-Zip Vulnerability Exploited in Attacks Read More »

SolarWinds Patches Three Critical Serv-U Vulnerabilities

SolarWinds Patches Three Critical Serv-U Vulnerabilities 2025-11-20 at 09:32 By Eduard Kovacs SolarWinds Serv-U is affected by vulnerabilities that can be exploited for remote code execution. The post SolarWinds Patches Three Critical Serv-U Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

SolarWinds Patches Three Critical Serv-U Vulnerabilities Read More »

SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp

SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp 2025-11-19 at 19:03 By Nathaniel Morales, John Basmayor, and Nikita Kazymirskyi Trustwave SpiderLabs researchers have recently identified a banking Trojan we dubbed Eternidade Stealer, which is distributed through WhatsApp hijacking and social engineering lures. In this blog post, we will break down the techniques used in the

SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp Read More »

Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week

Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week 2025-11-19 at 11:49 By Ionut Arghire An OS command injection flaw, the exploited zero-day allows attackers to execute arbitrary code on the underlying system. The post Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week Read More »

Meta Paid Out $4 Million via Bug Bounty Program in 2025

Meta Paid Out $4 Million via Bug Bounty Program in 2025 2025-11-18 at 17:31 By Eduard Kovacs The total amount of money given to bug bounty hunters by the social media giant has reached $25 million. The post Meta Paid Out $4 Million via Bug Bounty Program in 2025 appeared first on SecurityWeek. This article

Meta Paid Out $4 Million via Bug Bounty Program in 2025 Read More »

Scroll to Top