Vulnerabilities - Security Ticks

Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory

Malware & Threats, mu-plugins, Sucuri, Vulnerabilities, WordPress, WordPress plugin / SecurityTicks

Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory 2025-03-31 at 18:07 By Ionut Arghire Sucuri has discovered multiple malware families deployed in the WordPress mu-plugins directory to evade routine security checks. The post Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory Read More »

How to Safeguard Critical Assets from the Growing Threat of Supply Chain Cyberattacks

data breach, Tips & Tricks, Vulnerabilities / SecurityTicks

How to Safeguard Critical Assets from the Growing Threat of Supply Chain Cyberattacks 2025-03-31 at 16:12 By Craig Searle Understanding Supply Chain Threats: Learn how cybercriminals exploit vulnerabilities in third-party vendors to gain unauthorized access to sensitive data. Real-World Cyberattack Examples: Explore high-profile supply chain breaches like the SolarWinds attack and their long-term impact on

How to Safeguard Critical Assets from the Growing Threat of Supply Chain Cyberattacks Read More »

The Crucial Role Trustwave Red Team Exercises Play in Enhancing Cybersecurity

Database Protection, penetration testing, Reports, Threat Intelligence, Vulnerabilities / SecurityTicks

The Crucial Role Trustwave Red Team Exercises Play in Enhancing Cybersecurity 2025-03-28 at 15:09 By Uncover Critical Cybersecurity Gaps: Learn how Trustwave SpiderLabs’ Red Team identified vulnerabilities in a US-based healthcare system. Real-World Red Team Insights: Explore key findings from simulated attacks that reveal how adversaries could compromise sensitive data. Healthcare Cybersecurity Trends: Access exclusive

The Crucial Role Trustwave Red Team Exercises Play in Enhancing Cybersecurity Read More »

Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia

Chrome, exploited, Featured, Firefox, sandbox escape, Vulnerabilities, Zero-Day / SecurityTicks

Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia 2025-03-28 at 12:26 By Eduard Kovacs Firefox developers have determined that their browser is affected by a vulnerability similar to the recent Chrome sandbox escape zero-day. The post Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia appeared first on SecurityWeek. This

Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia Read More »

Splunk Patches Dozens of Vulnerabilities

patch, Splunk, Vulnerabilities, vulnerability / SecurityTicks

Splunk Patches Dozens of Vulnerabilities 2025-03-27 at 20:03 By Ionut Arghire Splunk patches high-severity remote code execution and information disclosure flaws in Splunk Enterprise and Secure Gateway App. The post Splunk Patches Dozens of Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Splunk Patches Dozens of Vulnerabilities Read More »

More Solar System Vulnerabilities Expose Power Grids to Hacking

energy, Featured, ICS, ICS/OT, solar, Vulnerabilities, vulnerability / SecurityTicks

More Solar System Vulnerabilities Expose Power Grids to Hacking 2025-03-27 at 12:32 By Eduard Kovacs Forescout has found dozens of vulnerabilities in solar power systems from Sungrow, Growatt and SMA. The post More Solar System Vulnerabilities Expose Power Grids to Hacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

More Solar System Vulnerabilities Expose Power Grids to Hacking Read More »

OpenAI Offering $100K Bounties for Critical Vulnerabilities

Artificial Intelligence, bug bounty program, ChatGPT, OpenAI, SpecterOps, Vulnerabilities / SecurityTicks

OpenAI Offering $100K Bounties for Critical Vulnerabilities 2025-03-26 at 22:05 By Ryan Naraine OpenAI has raised its maximum bug bounty payout to $100,000 (up from $20,000) for high-impact flaws in its infrastructure and products. The post OpenAI Offering $100K Bounties for Critical Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

OpenAI Offering $100K Bounties for Critical Vulnerabilities Read More »

Russian Ransomware Gang Exploited Windows Zero-Day Before Patch

CVE-2025-26633, EncryptHub, Malware & Threats, Microsoft, MMC, Ransomware, Trend Micro, Vulnerabilities / SecurityTicks

Russian Ransomware Gang Exploited Windows Zero-Day Before Patch 2025-03-26 at 18:26 By Ryan Naraine Exploitation of Windows MMC zero-day is being pinned on a ransomware gang known as EncryptHub (an affiliate of RansomHub) The post Russian Ransomware Gang Exploited Windows Zero-Day Before Patch appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Russian Ransomware Gang Exploited Windows Zero-Day Before Patch Read More »

Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras

camera, ICS, ICS/OT, Inaba, Vulnerabilities, vulnerability / SecurityTicks

Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras 2025-03-26 at 14:32 By Eduard Kovacs Production line monitoring cameras made by Inaba can be hacked for surveillance and sabotage, but they remain unpatched. The post Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras Read More »

Critical Next.js Vulnerability in Hacker Crosshairs

exploited, Next.js, Vulnerabilities, vulnerability / SecurityTicks

Critical Next.js Vulnerability in Hacker Crosshairs 2025-03-26 at 12:55 By Ionut Arghire Threat actors have started probing servers impacted by a critical-severity vulnerability in the web application development framework Next.js. The post Critical Next.js Vulnerability in Hacker Crosshairs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical Next.js Vulnerability in Hacker Crosshairs Read More »

Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky

CVE-2025-2783, cyberespionage, Cyberwarfare, Google Chrome, Kaspersky, Operation ForumTroll, Vulnerabilities / SecurityTicks

Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky 2025-03-26 at 00:38 By Ryan Naraine The vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks in Russian. The post Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky appeared first on SecurityWeek. This article is an excerpt from

Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky Read More »

VMware Patches Authentication Bypass Flaw in Windows Tools Suite

CVE-2025-22230, virtualization, VMWare, VMware Tools for Windows, Vulnerabilities / SecurityTicks

VMware Patches Authentication Bypass Flaw in Windows Tools Suite 2025-03-25 at 17:07 By SecurityWeek News The authentication bypass vulnerability, tagged as CVE-2025-22230, carries a CVSS severity score of 7.8/10. The post VMware Patches Authentication Bypass Flaw in Windows Tools Suite appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

VMware Patches Authentication Bypass Flaw in Windows Tools Suite Read More »

IngressNightmare Flaws Expose Many Kubernetes Clusters to Remote Hacking

cloud security, Featured, IngressNightmare, Kubernetes, Vulnerabilities / SecurityTicks

IngressNightmare Flaws Expose Many Kubernetes Clusters to Remote Hacking 2025-03-25 at 12:17 By Eduard Kovacs Critical remote code execution vulnerabilities found by Wiz researchers in Ingress NGINX Controller for Kubernetes. The post IngressNightmare Flaws Expose Many Kubernetes Clusters to Remote Hacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

IngressNightmare Flaws Expose Many Kubernetes Clusters to Remote Hacking Read More »

NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD

CISA, CVE, Government, NIST, NVD, Vulnerabilities / SecurityTicks

NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD 2025-03-24 at 18:21 By Ryan Naraine The effects of the backlog is already being felt in vulnerability management circles where NVD data promises an enriched source of truth. The post NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD appeared first on SecurityWeek. This

NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD Read More »

Russian Firm Offers $4 Million for Telegram Exploits

exploit, Operation Zero, Telegram, Vulnerabilities, Zero-Day / SecurityTicks

Russian Firm Offers $4 Million for Telegram Exploits 2025-03-24 at 17:19 By Ionut Arghire A Russian exploit acquisition firm says it is willing to pay up to $4 million for full-chain exploits targeting the popular messaging service Telegram. The firm, Operation Zero, is known for selling zero-day exploits exclusively to Russian government and private organizations.

Russian Firm Offers $4 Million for Telegram Exploits Read More »

In Other News: Critical Chrome Bug, Capital One Hacker Resententencing, Story of Expat Flaw

In Other News, Vulnerabilities / SecurityTicks

In Other News: Critical Chrome Bug, Capital One Hacker Resententencing, Story of Expat Flaw 2025-03-21 at 17:48 By SecurityWeek News Noteworthy stories that might have slipped under the radar: Capital One hacker’s sentence reversed, Google patches critical Chrome vulnerability, the story of an Expat flaw. The post In Other News: Critical Chrome Bug, Capital One

In Other News: Critical Chrome Bug, Capital One Hacker Resententencing, Story of Expat Flaw Read More »

The Energy Industry’s Hidden Risks: Espionage, Sabotage, and Insider Threats

Database Protection, Emerging Threats, Security Research, Vulnerabilities / SecurityTicks

The Energy Industry’s Hidden Risks: Espionage, Sabotage, and Insider Threats 2025-03-21 at 15:07 By With subject matter expertise and presence across the globe, RMI Global Solutions are recognized by the oil & gas, and broader energy industry on and offshore, as experts in the threats and risks that face the spectrum of this key industry

The Energy Industry’s Hidden Risks: Espionage, Sabotage, and Insider Threats Read More »

Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster – Part 2

Database Protection, Security Research, Tips & Tricks, Vulnerabilities / SecurityTicks

Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster – Part 2 2025-03-20 at 18:47 By Karl Biron In Part 1 of Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster, we uncovered the dangers of running Elasticsearch with X-Pack disabled and thus, highlighting the ease with which attackers

Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster – Part 2 Read More »

CISA Warns of Exploited Nakivo Vulnerability

CISA KEV, exploited, Nakivo, Vulnerabilities / SecurityTicks

CISA Warns of Exploited Nakivo Vulnerability 2025-03-20 at 17:35 By Ionut Arghire CISA has added an absolute path traversal bug in Nakivo Backup and Replication to its Known Exploited Vulnerabilities list. The post CISA Warns of Exploited Nakivo Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

CISA Warns of Exploited Nakivo Vulnerability Read More »

Veeam Patches Critical Vulnerability in Backup & Replication

Veeam, Vulnerabilities, vulnerability / SecurityTicks

Veeam Patches Critical Vulnerability in Backup & Replication 2025-03-20 at 15:11 By Ionut Arghire Veeam has released patches for a critical-severity remote code execution vulnerability in Backup & Replication. The post Veeam Patches Critical Vulnerability in Backup & Replication appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Veeam Patches Critical Vulnerability in Backup & Replication Read More »