Vulnerabilities

GreyNoise Flags 9,000 ASUS Routers Backdoored Via Patched Vulnerability

2025-05-29 at 17:37 by Ryan Naraine. Professional hackers have built a network of ASUS routers that can survive firmware upgrades, factory reboots and most anti-malware scans. First appeared on SecurityWeek.


PhaaS the Secrets: The Hidden Ties Between Tycoon2FA and Dadsec’s Operations

2025-05-28 at 23:26 by Cris Tomboc and King Orande. Phishing-as-a-Service (PhaaS) platforms have significantly reshaped the phishing threat landscape in recent years. Since September 2023, Trustwave’s Threat Intelligence Team has been tracking a large-scale phishing campaign distributed via email, attributed to “Storm-1575”. Storm-1575 is known for


Chrome 137, Firefox 139 Patch High-Severity Vulnerabilities

2025-05-28 at 14:50 by Ionut Arghire. Google and Mozilla released patches for Chrome and Firefox to address a total of 21 vulnerabilities between the two browsers, including three rated high severity. First appeared on SecurityWeek.


Vulnerabilities in CISA KEV Are Not Equally Critical: Report

2025-05-28 at 13:13 by Ionut Arghire. A new report says organizations should always consider environmental context when assessing the impact of vulnerabilities in the CISA KEV catalog. First appeared on SecurityWeek.


The Blind Spots of Multi-Agent Systems: Why AI Collaboration Needs Caution

2025-05-23 at 16:04 by Muhammad Ahmad. Multi-agent systems (MAS) are reshaping industries from IT services to innovative city governance by enabling autonomous AI agents to collaborate, compete, and solve complex problems. This powerful transformation comes with a cost. As multi-agent systems grow, their risks


Akamai, Microsoft Disagree on Severity of Unpatched ‘BadSuccessor’ Flaw

2025-05-22 at 20:08 by Ryan Naraine. Akamai documents a privilege escalation flaw in Windows Server 2025 after Redmond declines to ship an immediate patch. First appeared on SecurityWeek.


Cisco Patches High-Severity DoS, Privilege Escalation Vulnerabilities

2025-05-22 at 11:44 by Ionut Arghire. Cisco published 10 security advisories detailing over a dozen vulnerabilities, including two high-severity flaws in its Identity Services Engine (ISE) and Unified Intelligence Center. First appeared on SecurityWeek.


GitLab, Atlassian Patch High-Severity Vulnerabilities

2025-05-22 at 08:18 by Ionut Arghire. GitLab and Atlassian have released patches for over a dozen vulnerabilities in their products, including high-severity bugs. First appeared on SecurityWeek.


CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine

2025-05-21 at 23:47 by Ryan Naraine. Russian military intelligence hackers intensify targeting of Western logistics and technology companies moving supplies into Ukraine. First appeared on SecurityWeek.


Wiz Warns of Ongoing Exploitation of Recent Ivanti Vulnerabilities

2025-05-21 at 12:49 by Ionut Arghire. Wiz warns that threat actors are chaining two recent Ivanti vulnerabilities to achieve unauthenticated remote code execution. First appeared on SecurityWeek.


Critical OpenPGP.js Vulnerability Allows Spoofing

2025-05-21 at 10:16 by Eduard Kovacs. An OpenPGP.js vulnerability tracked as CVE-2025-47934 allows message signature verification to be spoofed. First appeared on SecurityWeek.


NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch

2025-05-20 at 17:02 by Ryan Naraine. VMware patches flaws that expose users to data leakage, command execution and denial-of-service attacks. No temporary workarounds available. First appeared on SecurityWeek.


Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers 

2025-05-20 at 15:39 by Eduard Kovacs. The Likely Exploited Vulnerabilities (LEV) equations can help augment KEV- and EPSS-based remediation prioritization. First appeared on SecurityWeek.


It’s Time to Prepare as Scattered Spider Spreads Its Web to the US

2025-05-19 at 22:08 By DFIR: Enhance your cybersecurity resilience with Trustwave’s DFIR retainer services, offering rapid response, priority handling, and cost-efficient solutions to manage digital forensics and incident response effectively. Offensive Security: Protect retail operations against emerging threats like Scattered Spider with Trustwave’s Offensive


Hackers Earn Over $1 Million at Pwn2Own Berlin 2025

2025-05-19 at 12:02 by Eduard Kovacs. Pwn2Own participants demonstrated exploits against VMs, AI, browsers, servers, containers, and operating systems. First appeared on SecurityWeek.


Guarding Against Dependency Attacks: Essential Strategies for Modern Application Development

2025-05-16 at 19:45 by Pauline Bolaños. Dependency management is one of the biggest challenges in modern software development. Excerpt from SpiderLabs Blog.


Hackers Win $260,000 on First Day of Pwn2Own Berlin 2025

2025-05-16 at 10:31 by Eduard Kovacs. Pwn2Own participants have earned tens of thousands of dollars for Red Hat, Windows, Oracle VirtualBox, Docker Desktop, and AI exploits. First appeared on SecurityWeek.


Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’

2025-05-15 at 11:33 by Ionut Arghire. Google has rolled out a Chrome 136 update that resolves a high-severity vulnerability for which a public exploit exists. First appeared on SecurityWeek.


EU Cybersecurity Agency ENISA Launches European Vulnerability Database

2025-05-14 at 15:02 by Eduard Kovacs. Experts say the European Vulnerability Database, or EUVD, should be a good resource, but only if ENISA manages to maintain it properly. First appeared on SecurityWeek.

