vulnerability

Many networking devices are still vulnerable to pixie dust attack

2025-09-17 at 18:22, by Zeljka Zorz

Despite having been discovered and reported in 2014, the vulnerability that allows pixie dust attacks still impacts consumer and SOHO networking equipment around the world, Netrise researchers have confirmed. WPS and the pixie dust attack Wi-Fi Protected Setup (WPS) […]


Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm

2025-09-12 at 11:47, by Eduard Kovacs

KioSoft was notified about a serious NFC card vulnerability in 2023 and only recently claimed to have released a patch. The post Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm appeared


Akira ransomware affiliates continue breaching organizations via SonicWall firewalls

2025-09-11 at 18:25, by Zeljka Zorz

Over a year after SonicWall patched CVE-2024-40766, a critical flaw in its next-gen firewalls, ransomware attackers are still gaining a foothold in organizations by exploiting it. Like last September and earlier this year, the attackers are affiliates of the Akira


Critical Chrome Vulnerability Earns Researcher $43,000

2025-09-11 at 16:35, by Ionut Arghire

Google patched a critical use-after-free vulnerability in Chrome that could potentially lead to code execution. The post Critical Chrome Vulnerability Earns Researcher $43,000 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.


Default Cursor setting can be exploited to run malicious code on developers’ machines

2025-09-11 at 14:02, by Zeljka Zorz

An out-of-the-box setting in Cursor, a popular AI source-code editor, could be leveraged by attackers to covertly run malicious code on users’ computers, researchers have warned. An exploitable vulnerability in the Cursor AI editor Cursor is


Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday

2025-09-10 at 13:56, by Zeljka Zorz

On September 2025 Patch Tuesday, Microsoft has released patches for 80+ vulnerabilities in its various software products, but the good news is that none of them are actively exploited. Among the critical and important vulnerabilities patched by Microsoft


Microsoft Patches 86 Vulnerabilities

2025-09-09 at 21:57, by Eduard Kovacs

Microsoft has released patches for dozens of flaws in Windows and other products, including ones with ‘exploitation more likely’ rating. The post Microsoft Patches 86 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.


Adobe Patches Critical ColdFusion and Commerce Vulnerabilities

2025-09-09 at 21:21, by Eduard Kovacs

Adobe has patched nearly two dozen vulnerabilities across nine of its products with its September 2025 Patch Tuesday updates. The post Adobe Patches Critical ColdFusion and Commerce Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.


Plex tells users to change passwords due to data breach, pushes server owners to upgrade

2025-09-09 at 19:42, by Zeljka Zorz

Media streaming company Plex has suffered a data breach and is urging users to reset their account password and enable two-factor authentication. “An unauthorized third party accessed a limited subset of customer data from


Academics Build AI-Powered Android Vulnerability Discovery and Validation Tool

2025-09-05 at 16:44, by Ionut Arghire

Called A2, the framework mimics human analysis to identify vulnerabilities in Android applications and then validates them. The post Academics Build AI-Powered Android Vulnerability Discovery and Validation Tool appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.


Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957)

2025-09-05 at 15:03, by Zeljka Zorz

A critical vulnerability (CVE-2025-42957) in SAP S/4HANA enterprise resource planning software is being exploited by attackers “to a limited extent”, the Dutch National Cyber Security Center (NCSC NL) has warned on Friday. Their alert seems to be based on a report


Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352)

2025-09-04 at 16:58, by Zeljka Zorz

Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” Among the fixed flaws is also CVE-2025-48539, a critical vulnerability in the System component that “could lead to remote (proximal/adjacent) code


macOS vulnerability allowed Keychain and iOS app decryption without a password

2025-09-04 at 15:41, by Mirko Zorz

Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. The issue, tracked as CVE-2025-24204, stems from Apple mistakenly granting the


300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158

2025-08-27 at 14:29, by Zeljka Zorz

Over 300,000 internet-facing Plex Media Server instances are still vulnerable to attack via CVE-2025-34158, a critical vulnerability for which Plex issued a fix earlier this month, Censys has warned. About CVE-2025-34158 Plex Media Server (PMS) is


Docker Desktop Vulnerability Leads to Host Compromise

2025-08-26 at 14:34, by Ionut Arghire

A critical vulnerability in Docker Desktop allows attackers to modify the filesystem of Windows hosts to become administrators. The post Docker Desktop Vulnerability Leads to Host Compromise appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.


Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384)

2025-08-26 at 13:47, by Zeljka Zorz

CVE-2025-48384, a recently patched vulnerability in the popular distributed revision control system Git, is being exploited by attackers. Details about the attacks are not public, but the confirmation of exploitation comes from the US Cybersecurity and Infrastructure Security


Russian threat actors using old Cisco bug to target critical infrastructure orgs

2025-08-21 at 18:07, by Zeljka Zorz

A threat group linked to the Russian Federal Security Service’s (FSB) Center 16 unit has been compromising unpatched and end-of-life Cisco networking devices via an old vulnerability (CVE-2018-0171), the FBI and Cisco warned on Wednesday. “Primary targets


Password Managers Vulnerable to Data Theft via Clickjacking

2025-08-21 at 15:18, by Eduard Kovacs

A researcher has tested nearly a dozen password managers and found that they were all vulnerable to clickjacking attacks. The post Password Managers Vulnerable to Data Theft via Clickjacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.


Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999)

2025-08-20 at 19:25, by Zeljka Zorz

A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made public by VX Underground, Onapsis security researchers have warned. The exploit has allegedly been released on a Telegram


High-Severity Vulnerabilities Patched in Chrome, Firefox

2025-08-20 at 11:19, by Ionut Arghire

Google and Mozilla have released patches for multiple high-severity vulnerabilities affecting Chrome and Firefox. The post High-Severity Vulnerabilities Patched in Chrome, Firefox appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.
