Vulnerabilities

Beyond the Chatbot: Meta Phishing with Fake Live Support

2025-02-04 at 16:03 By Mike Casayuran and John Kevin Adriano

In a previous Trustwave SpiderLabs’ blog, we explored how cybercriminals exploit Facebook Messenger chatbots to execute social engineering attacks, deceiving users into falling victim to scams and phishing schemes. These attacks often rely on the perceived legitimacy […]

VMware Patches High-Risk Flaws in Oft-Targeted Aria Operations Products

2025-01-30 at 21:23 By Ryan Naraine

VMware calls attention to patches for multiple ‘high-risk’ security defects in its Aria Operations and Aria Operations for Logs products. The post VMware Patches High-Risk Flaws in Oft-Targeted Aria Operations Products appeared first on SecurityWeek. This article is an excerpt

TeamViewer Patches High-Severity Vulnerability in Windows Applications

2025-01-30 at 15:20 By Ionut Arghire

TeamViewer has released patches for a high-severity elevation of privilege vulnerability in its client and host applications for Windows. The post TeamViewer Patches High-Severity Vulnerability in Windows Applications appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

New Zyxel Zero-Day Under Attack, No Patch Available

2025-01-29 at 18:21 By Ryan Naraine

GreyNoise reports active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices. There are no patches available. The post New Zyxel Zero-Day Under Attack, No Patch Available appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

SimpleHelp Remote Access Software Exploited in Attacks

2025-01-29 at 12:48 By Ionut Arghire

Threat actors have been exploiting SimpleHelp remote access software shortly after the disclosure of three vulnerabilities. The post SimpleHelp Remote Access Software Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer

2025-01-28 at 23:03 By Ryan Naraine

VMware warns that a malicious user with network access may be able to use specially crafted SQL queries to gain database access. The post VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer appeared

SonicWall Confirms Exploitation of New SMA Zero-Day

2025-01-28 at 13:33 By Eduard Kovacs

SonicWall has confirmed that an SMA 1000 zero-day tracked as CVE-2025-23006 has been exploited in the wild. The post SonicWall Confirms Exploitation of New SMA Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Apple Patches First Exploited iOS Zero-Day of 2025

2025-01-28 at 13:03 By Ionut Arghire

Apple has released fixes for dozens of vulnerabilities in its mobile and desktop products, including an iOS zero-day exploited in attacks. The post Apple Patches First Exploited iOS Zero-Day of 2025 appeared first on SecurityWeek. This article is an excerpt from

Cracking the Giant: How ODAT Challenges Oracle, the King of Databases

2025-01-27 at 16:04 By Karl Biron

In the past decade, Oracle Database (Oracle DB) has reigned supreme in the competitive arena of database engine popularity ranking as shown in Figure 1 and Figure 2. This pervasiveness has led Oracle Database to be trusted by

Git Vulnerabilities Led to Credentials Exposure

2025-01-27 at 14:49 By Ionut Arghire

Vulnerabilities in Git’s credential retrieval protocol could have allowed attackers to compromise user credentials. The post Git Vulnerabilities Led to Credentials Exposure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

CISA Warns of Old jQuery Vulnerability Linked to Chinese APT

2025-01-24 at 18:01 By Eduard Kovacs

CISA has added the jQuery flaw CVE-2020-11023, previously linked to APT1, to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Warns of Old jQuery Vulnerability Linked to Chinese APT appeared first on SecurityWeek. This article is an excerpt

Trustwave SpiderLabs: Ransomware Attacks Against the Energy and Utilities Sector Up 80%

2025-01-22 at 16:15

The energy sector is a cornerstone of national security, ensuring the delivery of critical infrastructure services and supporting transportation systems. Recognizing the importance of protecting this vital industry, Trustwave SpiderLabs has released the comprehensive 2025 Trustwave Risk Radar Report: Energy

Trustwave SpiderLabs 2025 Trustwave Risk Radar Report: Energy and Utilities Sector

2025-01-22 at 16:15

The energy sector plays a crucial role in national security by ensuring the delivery of essential infrastructure services and supporting transportation systems. Acknowledging the need to safeguard this vital industry, Trustwave SpiderLabs has published the highly detailed 2025 Trustwave Risk Radar

The New Face of Ransomware: Key Players and Emerging Tactics of 2024

2025-01-21 at 16:03 By Serhii Melnyk

As we step into 2025, the high-impact, financially motivated ransomware landscape continues to evolve, shaped by a combination of law enforcement actions, shifting affiliate dynamics, advancements in defensive approaches, and broader economic and geopolitical influences. This article

JoCERT Issues Warning on Exploitable Command Injection Flaws in HPE Aruba Products

2025-01-21 at 15:32 By daksh sharma

Overview: JoCERT has issued an alert regarding critical command injection vulnerabilities discovered in HPE Aruba’s 501 Wireless Client Bridge. The vulnerabilities, tracked as CVE-2024-54006 and CVE-2024-54007, allow authenticated attackers with administrative privileges to execute arbitrary commands on

How Generative AI is Shaping the Future of Cybersecurity: Key Insights for CISOs and Enterprises

2025-01-15 at 23:19

The increasing adoption of generative artificial intelligence platforms by threat actors, cyber defenders, and the average organization will present enterprises with an unprecedented number of cybersecurity issues in the coming years, according to a new Gartner®

CVE-2024-55591: Fortinet FortiOS/FortiProxy Zero Day

2025-01-14 at 21:07

In late November and December 2024, Arctic Wolf observed evidence of a mass compromise of Fortinet FortiGate. While the initial attack vector was unknown at the time, evidence of compromise (with new users and SSL profiles) was consistent across compromised devices. This article is an excerpt from SpiderLabs

Why Vulnerability Scanning Alone Isn’t Enough: The Case for Penetration Testing

2025-01-10 at 16:11 By Grayson Lenik

Organizations today face a rapidly evolving threat landscape, and as they plan their cybersecurity strategy and budgets, many may struggle with a key question: If I’m conducting regular vulnerability scans, and patching the vulnerabilities I identify, do I

The State of Magecart: A Persistent Threat to E-Commerce Security

2025-01-09 at 16:04 By Phil Hay, Rodel Mendrez

Trustwave SpiderLabs first blogged about Magecart back in 2019; fast forward five years and it is still here going strong. This article is an excerpt from SpiderLabs Blog.

Trustwave’s 2025 Cybersecurity Predictions: The Era of End-to-End AI Cyberattacks is Here

2025-01-07 at 21:48 By Craig Searle

As 2024 has wrapped up, we went around the room and asked some of Trustwave’s top executives what cybersecurity issues and technology they saw playing a prominent role in 2025. This article is an excerpt from Trustwave
