Vulnerabilities

Organizations Warned of Exploited Meteobridge Vulnerability

Organizations Warned of Exploited Meteobridge Vulnerability 2025-10-03 at 13:49 By Ionut Arghire Patched in mid-May, the security defect allows remote unauthenticated attackers to execute arbitrary commands with root privileges. The post Organizations Warned of Exploited Meteobridge Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Organizations Warned of Exploited Meteobridge Vulnerability Read More »

Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities

Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities 2025-10-03 at 11:44 By Ionut Arghire High-severity flaws were patched in Chrome’s WebGPU and Video components, and in Firefox’s Graphics and JavaScript Engine components. The post Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities Read More »

LevelBlue Managed WAAP Enables Organizations to Solve Day 1 WAAP Implementation Challenges

LevelBlue Managed WAAP Enables Organizations to Solve Day 1 WAAP Implementation Challenges 2025-10-02 at 16:09 By Deploying Web Application and API Protection (WAAP) systems is crucial for bolstering cybersecurity defenses. Akamai reported 108 billion API attacks over an 18-month period, underscoring the value of APIs to cybercriminals. Like any new security measure, the initial deployment

LevelBlue Managed WAAP Enables Organizations to Solve Day 1 WAAP Implementation Challenges Read More »

OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks

OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks 2025-10-01 at 17:08 By Eduard Kovacs Three vulnerabilities have been patched with the release of OpenSSL updates.  The post OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks Read More »

Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability

Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability 2025-10-01 at 13:36 By Ionut Arghire Impacting VMware Aria Operations and VMware Tools, the flaw can be exploited to elevate privileges on the VM. The post Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability Read More »

SpiderLabs Ransomware Tracker Update September 2025: Qilin, Akira Top Ransomware Attackers

SpiderLabs Ransomware Tracker Update September 2025: Qilin, Akira Top Ransomware Attackers 2025-09-30 at 16:00 By The threat groups Qilin and Akira together conducted about one-quarter of the 402 ransomware attacks tracked by Trustwave SpiderLabs in September, with the manufacturing and technology sectors receiving the brunt of these efforts. This article is an excerpt from Trustwave

SpiderLabs Ransomware Tracker Update September 2025: Qilin, Akira Top Ransomware Attackers Read More »

From Folding to Folded: Hacking High Volume Mailer Machines

From Folding to Folded: Hacking High Volume Mailer Machines 2025-09-30 at 16:00 By John Jackson The Quadient DS-700iQ is a high-volume folder-inserter machine designed for automating the process of assembling, folding, and inserting mail into envelopes for large mailing operations. It features a modular design that can handle complex mailing jobs, supports multiple feeders and

From Folding to Folded: Hacking High Volume Mailer Machines Read More »

High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter 

High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter  2025-09-30 at 14:33 By Ionut Arghire The flaws could allow attackers to escalate privileges, manipulate notifications, and enumerate usernames. The post High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter  Read More »

Shades of Red: Redefining the Use of Red Flags in Cybersecurity and Insurance

Shades of Red: Redefining the Use of Red Flags in Cybersecurity and Insurance 2025-09-29 at 16:42 By William Evers, Mudit Singhania, Scott Swanson In cybersecurity, several related but divergent meanings have been ascribed to the phrase “red flags”. This article is an excerpt from Trustwave Blog View Original Source

Shades of Red: Redefining the Use of Red Flags in Cybersecurity and Insurance Read More »

REDCap: Multiple Cross-Site Scripting (XSS) Vulnerabilities

REDCap: Multiple Cross-Site Scripting (XSS) Vulnerabilities 2025-09-26 at 20:23 By Harold Zang REDCap, developed by Vanderbilt University, is a secure platform designed for data collection in research studies and operations. This article is an excerpt from SpiderLabs Blog View Original Source

REDCap: Multiple Cross-Site Scripting (XSS) Vulnerabilities Read More »

Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day

Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day 2025-09-26 at 14:50 By Ionut Arghire Eight days before patches, a threat actor exploited CVE-2025-10035 as a zero-day to create a backdoor admin account. The post Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day Read More »

Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks

Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks 2025-09-26 at 10:20 By Ionut Arghire Leading to remote code execution and privilege escalation, the flaws were exploited on Cisco ASA 5500-X series devices that lack secure boot. The post Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks appeared first on SecurityWeek. This article is an excerpt

Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks Read More »

Cisco Patches Zero-Day Flaw Affecting Routers and Switches

Cisco Patches Zero-Day Flaw Affecting Routers and Switches 2025-09-25 at 11:46 By Ionut Arghire The security defect allows remote attackers with administrative privileges to execute arbitrary code as the root user. The post Cisco Patches Zero-Day Flaw Affecting Routers and Switches appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Cisco Patches Zero-Day Flaw Affecting Routers and Switches Read More »

LevelBlue Spotlight Report Finds Manufacturers Struggling with the Impact of AI and Supply Chain Risk

LevelBlue Spotlight Report Finds Manufacturers Struggling with the Impact of AI and Supply Chain Risk 2025-09-24 at 16:22 By LevelBlue’s newly released 2025 Spotlight Report: Cyber Resilience and Business Impact in Manufacturing, uncovered the different ways this sector has increased its understanding of the role cybersecurity must play moving forward, including the need to adopt

LevelBlue Spotlight Report Finds Manufacturers Struggling with the Impact of AI and Supply Chain Risk Read More »

GeoServer Flaw Exploited in US Federal Agency Hack

GeoServer Flaw Exploited in US Federal Agency Hack 2025-09-24 at 16:21 By Ionut Arghire The hackers remained undetected for three weeks, deploying China Chopper, remote access scripts, and reconnaissance tools. The post GeoServer Flaw Exploited in US Federal Agency Hack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

GeoServer Flaw Exploited in US Federal Agency Hack Read More »

Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers

Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers 2025-09-24 at 12:10 By Ionut Arghire Tracked as CVE-2025-59689, the command injection bug could be triggered via malicious emails containing crafted compressed attachments. The post Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers Read More »

SolarWinds Makes Third Attempt at Patching Exploited Vulnerability

SolarWinds Makes Third Attempt at Patching Exploited Vulnerability 2025-09-23 at 19:51 By Ionut Arghire CVE-2025-26399 is a patch bypass of CVE-2024-28988, which is a patch bypass of the exploited CVE-2024-28986. The post SolarWinds Makes Third Attempt at Patching Exploited Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

SolarWinds Makes Third Attempt at Patching Exploited Vulnerability Read More »

Top 25 MCP Vulnerabilities Reveal How AI Agents Can Be Exploited

Top 25 MCP Vulnerabilities Reveal How AI Agents Can Be Exploited 2025-09-23 at 15:43 By Kevin Townsend A new ranking of Model Context Protocol weaknesses highlights critical risks—from prompt injection to command injection—and provides a roadmap for securing the foundations of agentic AI. The post Top 25 MCP Vulnerabilities Reveal How AI Agents Can Be

Top 25 MCP Vulnerabilities Reveal How AI Agents Can Be Exploited Read More »

Scroll to Top