Vulnerabilities

Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw

apple, CVE-2025-24201, iOS, iOS 18.3.2, Mobile & Wireless, USB Restricted Mode, Vulnerabilities, Zero-Day /

Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw 2025-03-11 at 21:16 By Ryan Naraine Apple warns that the WebKIt bug “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” The post Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw appeared first on SecurityWeek. This article is an excerpt from […]

React to this headline:

Loading spinner

Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw Read More »

Patch Tuesday: Microsoft Patches 57 Flaws, Flags Six Active Zero-Days 

critical infrastructure, Malware & Threats, Microsoft, Patch Tuesday, remote code execution, Vulnerabilities, Zero-Day /

Patch Tuesday: Microsoft Patches 57 Flaws, Flags Six Active Zero-Days  2025-03-11 at 21:03 By Ryan Naraine Redmond ships major security updates with warnings that a half-dozen Windows vulnerabilities have already been exploited in the wild. The post Patch Tuesday: Microsoft Patches 57 Flaws, Flags Six Active Zero-Days  appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Patch Tuesday: Microsoft Patches 57 Flaws, Flags Six Active Zero-Days  Read More »

Patch Tuesday: Critical Code-Execution Bugs in Acrobat and Reader

Acrobat and Reader, Adobe, InDesign, Patch Tuesday, Risk Management, Vulnerabilities /

Patch Tuesday: Critical Code-Execution Bugs in Acrobat and Reader 2025-03-11 at 19:47 By Ryan Naraine Adobe documents 35 security flaws in a wide range of products, including code-execution issues in the Acrobat and Reader applications. The post Patch Tuesday: Critical Code-Execution Bugs in Acrobat and Reader appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Patch Tuesday: Critical Code-Execution Bugs in Acrobat and Reader Read More »

SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver

SAP, Vulnerabilities, vulnerability /

SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver 2025-03-11 at 15:00 By Ionut Arghire SAP released 21 new security notes and updated three security notes on March 2025 security patch day. The post SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver Read More »

CISA Warns of Ivanti EPM Vulnerability Exploitation

CISA KEV, exploited, Ivanti, Vulnerabilities /

CISA Warns of Ivanti EPM Vulnerability Exploitation 2025-03-11 at 13:45 By Ionut Arghire CISA has added three critical-severity flaws in Ivanti EPM to its Known Exploited Vulnerabilities catalog. The post CISA Warns of Ivanti EPM Vulnerability Exploitation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

CISA Warns of Ivanti EPM Vulnerability Exploitation Read More »

Google Paid Out $12 Million via Bug Bounty Programs in 2024

bug bounty program, Google, Vulnerabilities /

Google Paid Out $12 Million via Bug Bounty Programs in 2024 2025-03-10 at 14:18 By Ionut Arghire In 2024, Google paid out nearly $12 million in bug bounties through its revamped vulnerability reward programs. The post Google Paid Out $12 Million via Bug Bounty Programs in 2024 appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Google Paid Out $12 Million via Bug Bounty Programs in 2024 Read More »

In Other News: EntrySign AMD Flaw, Massive Attack Targets ISPs, ENISA Report

In Other News, Vulnerabilities /

In Other News: EntrySign AMD Flaw, Massive Attack Targets ISPs, ENISA Report 2025-03-07 at 19:02 By SecurityWeek News Noteworthy stories that might have slipped under the radar: Google discloses AMD CPU flaw named EntrySign, ISPs in the US and China targeted in massive attack, ENISA report on NIS2 Directive. The post In Other News: EntrySign

React to this headline:

Loading spinner

In Other News: EntrySign AMD Flaw, Massive Attack Targets ISPs, ENISA Report Read More »

Russian State Actors: Development in Group Attributions

Database Protection, Government, Perspectives, Security Research, Vulnerabilities /

Russian State Actors: Development in Group Attributions 2025-03-07 at 16:33 By Pawel Knapczyk and Nikita Kazymirskyi This is the final installment of Trustwave SpiderLabs Russia-Ukraine digital battlefield series, which has spanned topics including the differences between Russia and Ukraine cyber actors, how government entities, defense organizations, and human targets were caught in the cyber crossfire,

React to this headline:

Loading spinner

Russian State Actors: Development in Group Attributions Read More »

A Deep Dive into Strela Stealer and how it Targets European Countries

data breach, Database Protection, Emerging Threats, Security Research, Vulnerabilities /

A Deep Dive into Strela Stealer and how it Targets European Countries 2025-03-07 at 00:01 By Dawid Nesterowicz Infostealers have dominated the malware landscape due to the ease of threat operations maintenance, and a wide group of potential victims. In this blog, we take a closer look at a unique infostealer designed to precisely target

React to this headline:

Loading spinner

A Deep Dive into Strela Stealer and how it Targets European Countries Read More »

Defending Manufacturing: How Cybercriminals Are Targeting the Industry and How to Respond

Database Protection, Security Research, Vulnerabilities /

Defending Manufacturing: How Cybercriminals Are Targeting the Industry and How to Respond 2025-03-06 at 19:34 By Cyber Threats in Manufacturing: The 2025 Trustwave Risk Radar Report highlights how cybercriminals exploit vulnerabilities in manufacturing infrastructure, workers, and digital supply chains, with over 3,500 critical vulnerabilities listed on CISA’s KEV list. Top Manufacturing Cyber Risks: Attackers leverage high-profile exploits

React to this headline:

Loading spinner

Defending Manufacturing: How Cybercriminals Are Targeting the Industry and How to Respond Read More »

Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks

ESX, exploited, Featured, VMWare, Vulnerabilities, Zero-Day /

Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks 2025-03-06 at 12:03 By Eduard Kovacs Scans show that tens of thousands of VMware ESXi instances are affected by CVE-2025-22224 and other vulnerabilities disclosed recently as zero-days. The post Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks appeared first

React to this headline:

Loading spinner

Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks Read More »

The Russia-Ukraine Cyber War Part 3: Attacks on Telecom and Critical Infrastructure

Government, Security Research, Vulnerabilities /

The Russia-Ukraine Cyber War Part 3: Attacks on Telecom and Critical Infrastructure 2025-03-05 at 16:08 By Pawel Knapczyk and Nikita Kazymirskyi This post is the third part of our blog series that tackles the Russia-Ukraine war in the digital realm. This article is an excerpt from SpiderLabs Blog View Original Source React to this headline:

React to this headline:

Loading spinner

The Russia-Ukraine Cyber War Part 3: Attacks on Telecom and Critical Infrastructure Read More »

Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities

Chrome, Firefox, patch, Vulnerabilities, vulnerability /

Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities 2025-03-05 at 13:15 By Ionut Arghire Chrome 134 and Firefox 136 are rolling out across desktop and mobile with patches for multiple high-severity vulnerabilities. The post Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities Read More »

Vulnerabilities Patched in Qualcomm, Mediatek Chipsets

MediaTek, Qualcomm, Vulnerabilities, vulnerability /

Vulnerabilities Patched in Qualcomm, Mediatek Chipsets 2025-03-04 at 14:54 By Ionut Arghire Chip makers Qualcomm and Mediatek have released patches for many vulnerabilities across their products. The post Vulnerabilities Patched in Qualcomm, Mediatek Chipsets appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Vulnerabilities Patched in Qualcomm, Mediatek Chipsets Read More »

Broadcom Patches 3 VMware Zero-Days Exploited in the Wild

exploited, Featured, VMWare, Vulnerabilities, vulnerability /

Broadcom Patches 3 VMware Zero-Days Exploited in the Wild 2025-03-04 at 14:22 By Eduard Kovacs Broadcom patched VMware zero-days CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226 after Microsoft warned it of exploitation. The post Broadcom Patches 3 VMware Zero-Days Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

Broadcom Patches 3 VMware Zero-Days Exploited in the Wild Read More »

Google Patches Pair of Exploited Vulnerabilities in Android

Android, exploited, Mobile & Wireless, Vulnerabilities /

Google Patches Pair of Exploited Vulnerabilities in Android 2025-03-04 at 13:52 By Ionut Arghire Android’s March 2025 security update addresses over 40 vulnerabilities, including two actively exploited in the wild. The post Google Patches Pair of Exploited Vulnerabilities in Android appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

Google Patches Pair of Exploited Vulnerabilities in Android Read More »

Exploitation Long Known for Most of CISA’s Latest KEV Additions

CISA KEV, exploited, Vulnerabilities, vulnerability /

Exploitation Long Known for Most of CISA’s Latest KEV Additions 2025-03-04 at 13:02 By Eduard Kovacs Exploitation has been known for months or years for most of the latest vulnerabilities added by CISA to its KEV catalog. The post Exploitation Long Known for Most of CISA’s Latest KEV Additions appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Exploitation Long Known for Most of CISA’s Latest KEV Additions Read More »

Vulnerable Paragon Driver Exploited in Ransomware Attacks

BYOVD, driver, privilege escalation, Ransomware, Vulnerabilities /

Vulnerable Paragon Driver Exploited in Ransomware Attacks 2025-03-03 at 14:04 By Ionut Arghire Ransomware operators exploit a vulnerable Paragon driver in BYOVD attacks to elevate privileges to System. The post Vulnerable Paragon Driver Exploited in Ransomware Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Vulnerable Paragon Driver Exploited in Ransomware Attacks Read More »

Amnesty Reveals Cellebrite Zero-Day Android Exploit on Serbian Student Activist

Amnesty International, Android, Cellebrite, Serbia, spyware, surveillance, Tracking & Law Enforcement, Vulnerabilities /

Amnesty Reveals Cellebrite Zero-Day Android Exploit on Serbian Student Activist 2025-02-28 at 23:02 By Ryan Naraine Amnesty International publishes technical details on zero-day vulnerabilities exploited by Cellebrite’s mobile forensic tools to spy on a Serbian student activist. The post Amnesty Reveals Cellebrite Zero-Day Android Exploit on Serbian Student Activist appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Amnesty Reveals Cellebrite Zero-Day Android Exploit on Serbian Student Activist Read More »

Trustwave SpiderLabs Insights: Cyberattack Methods Targeting Manufacturing

Reports, Threat Intelligence, Vulnerabilities /

Trustwave SpiderLabs Insights: Cyberattack Methods Targeting Manufacturing 2025-02-28 at 16:12 By When it comes to choosing a manufacturer to target for attack, threat groups have a healthy list of tools from which to choose. All of which are made more powerful due to this industry’s complex cybersecurity posture, driven by the increasing integration of IT/OT

React to this headline:

Loading spinner

Trustwave SpiderLabs Insights: Cyberattack Methods Targeting Manufacturing Read More »

Scroll to Top