vulnerability

The Week in Vulnerabilities: Firefox, Roundcube and ICS Flaws Flagged by Cyble

honeypot sensors, ICS Vulnerabilities, IT vulnerabilities, vulnerability /

The Week in Vulnerabilities: Firefox, Roundcube and ICS Flaws Flagged by Cyble 2025-05-28 at 17:30 By daksh sharma Cyble vulnerability intelligence researchers investigated nearly 100 IT and industrial control system (ICS) vulnerabilities this week and flagged eight as meriting high-priority attention by security teams – including two targeted by Russian threat actors. In all, Cyble […]

React to this headline:

Loading spinner

The Week in Vulnerabilities: Firefox, Roundcube and ICS Flaws Flagged by Cyble Read More »

The Week in Vulnerabilities: IT, ICS Fixes Prioritized by Cyble

ICS, IT, vulnerability /

The Week in Vulnerabilities: IT, ICS Fixes Prioritized by Cyble 2025-05-28 at 17:30 By daksh sharma Cyble vulnerability researchers identified nine high-priority fixes for IT security teams and two vulnerable ICS products. This article is an excerpt from Cyble View Original Source React to this headline:

React to this headline:

Loading spinner

The Week in Vulnerabilities: IT, ICS Fixes Prioritized by Cyble Read More »

Latest Security Advisory Highlights Critical Vulnerabilities Impacting Ivanti, MDaemon, Zimbra, and More

CVE-2025-4427, Ivanti, vulnerability /

Latest Security Advisory Highlights Critical Vulnerabilities Impacting Ivanti, MDaemon, Zimbra, and More 2025-05-28 at 17:30 By daksh sharma CISA’s latest advisory report reveals critical vulnerabilities in Ivanti, MDaemon, Zimbra, and more. Patches are available for flaws like CVE-2025-4427 in Ivanti EPMM. This article is an excerpt from Cyble View Original Source React to this headline:

React to this headline:

Loading spinner

Latest Security Advisory Highlights Critical Vulnerabilities Impacting Ivanti, MDaemon, Zimbra, and More Read More »

Attackers hit MSP, use its RMM software to deliver ransomware to clients

Don't miss, Hot stuff, MSP, News, Ransomware, remote management, SimpleHelp, SMBs, Sophos, vulnerability /

Attackers hit MSP, use its RMM software to deliver ransomware to clients 2025-05-28 at 14:36 By Zeljka Zorz A threat actor wielding the DragonForce ransomware has compromised an unnamed managed service provider (MSP) and pushed the malware onto its client organizations via SimpleHelp, a legitimate remote monitoring and management (RMM) tool. “Sophos MDR has medium

React to this headline:

Loading spinner

Attackers hit MSP, use its RMM software to deliver ransomware to clients Read More »

Vulnerabilities found in NASA’s open source software

code analysis, Don't miss, Hot stuff, NASA, News, open source, ThreatLeap, vulnerability, vulnerability disclosure /

Vulnerabilities found in NASA’s open source software 2025-05-27 at 15:48 By Zeljka Zorz Vulnerabilities in open source software developed and used in-house by NASA could be exploited to breach their systems, claims Leon Juranić, security researcher and founder of cybersecurity startup ThreatLeap. The vulnerabilities Juranić, whose AppSec credentials include founding and leading DefenseCode, is no

React to this headline:

Loading spinner

Vulnerabilities found in NASA’s open source software Read More »

Companies Warned of Commvault Vulnerability Exploitation

alert, CISA, Commvault, exploited, Malware & Threats, vulnerability /

Companies Warned of Commvault Vulnerability Exploitation 2025-05-23 at 13:48 By Ionut Arghire CISA warns companies of a widespread campaign targeting a Commvault vulnerability to hack Azure environments. The post Companies Warned of Commvault Vulnerability Exploitation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Companies Warned of Commvault Vulnerability Exploitation Read More »

Unpatched Windows Server vulnerability allows full domain compromise

Active Directory, Akamai, Don't miss, enterprise, Hot stuff, News, privileged accounts, vulnerability, Windows Server /

Unpatched Windows Server vulnerability allows full domain compromise 2025-05-22 at 18:45 By Zeljka Zorz A privilege escalation vulnerability in Windows Server 2025 can be used by attackers to compromise any user in Active Directory (AD), including Domain Admins. “The [“BadSuccessor”] attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server

React to this headline:

Loading spinner

Unpatched Windows Server vulnerability allows full domain compromise Read More »

GitLab, Atlassian Patch High-Severity Vulnerabilities

Atlassian, GitLab, Vulnerabilities, vulnerability /

GitLab, Atlassian Patch High-Severity Vulnerabilities 2025-05-22 at 08:18 By Ionut Arghire GitLab and Atlassian have released patches for over a dozen vulnerabilities in their products, including high-severity bugs. The post GitLab, Atlassian Patch High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

GitLab, Atlassian Patch High-Severity Vulnerabilities Read More »

Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway

ICS, ICS/OT, SCADA, vulnerability /

Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway 2025-05-21 at 18:49 By Eduard Kovacs More than 100 AutomationDirect MB-Gateway devices may be vulnerable to attacks from the internet due to CVE-2025-36535. The post Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway Read More »

Wiz Warns of Ongoing Exploitation of Recent Ivanti Vulnerabilities

exploited, Ivanti, Vulnerabilities, vulnerability /

Wiz Warns of Ongoing Exploitation of Recent Ivanti Vulnerabilities 2025-05-21 at 12:49 By Ionut Arghire Wiz warns that threat actors are chaining two recent Ivanti vulnerabilities to achieve unauthenticated remote code execution. The post Wiz Warns of Ongoing Exploitation of Recent Ivanti Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

Wiz Warns of Ongoing Exploitation of Recent Ivanti Vulnerabilities Read More »

Critical OpenPGP.js Vulnerability Allows Spoofing

email security, Encryption, OpenPGP, Vulnerabilities, vulnerability /

Critical OpenPGP.js Vulnerability Allows Spoofing 2025-05-21 at 10:16 By Eduard Kovacs An OpenPGP.js vulnerability tracked as CVE-2025-47934 allows message signature verification to be spoofed.  The post Critical OpenPGP.js Vulnerability Allows Spoofing appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Critical OpenPGP.js Vulnerability Allows Spoofing Read More »

Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers 

CISA, LEV, NIST, prioritization, Vulnerabilities, vulnerability /

Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers  2025-05-20 at 15:39 By Eduard Kovacs The Likely Exploited Vulnerabilities (LEV) equations can help augment KEV- and EPSS-based remediation prioritization.  The post Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers  Read More »

O2 Service Vulnerability Exposed User Location

location tracking, Mobile & Wireless, O2, vulnerability /

O2 Service Vulnerability Exposed User Location 2025-05-20 at 13:20 By Ionut Arghire A vulnerability in O2’s implementation of the IMS standard resulted in user location data being exposed in network responses. The post O2 Service Vulnerability Exposed User Location appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

O2 Service Vulnerability Exposed User Location Read More »

Hackers Earn Over $1 Million at Pwn2Own Berlin 2025

competition, exploit, Featured, Pwn2OPwn, Pwn2Own 2025, Vulnerabilities, vulnerability /

Hackers Earn Over $1 Million at Pwn2Own Berlin 2025 2025-05-19 at 12:02 By Eduard Kovacs Pwn2Own participants demonstrated exploits against VMs, AI, browsers, servers, containers, and operating systems. The post Hackers Earn Over $1 Million at Pwn2Own Berlin 2025 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

Hackers Earn Over $1 Million at Pwn2Own Berlin 2025 Read More »

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)

Chrome, CISA, Don't miss, Google, Hot stuff, Microsoft Edge, News, security update, vulnerability, vulnerability disclosure /

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) 2025-05-16 at 13:47 By Zeljka Zorz A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. About CVE-2025-4664 CVE-2025-4664 stems from insufficient policy enforcement in Google

React to this headline:

Loading spinner

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) Read More »

Samsung patches MagicINFO 9 Server vulnerability exploited by attackers

Don't miss, Hot stuff, Huntress, News, PoC, Samsung, SANS ISC, vulnerability /

Samsung patches MagicINFO 9 Server vulnerability exploited by attackers 2025-05-15 at 14:18 By Zeljka Zorz Companies running Samsung MagicINFO, a platform for managing content on Samsung commercial digital displays, should upgrade to the latest available version of its v9 branch to fix a vulnerability that’s reportedly being exploited by attackers. If this advice sounds familiar,

React to this headline:

Loading spinner

Samsung patches MagicINFO 9 Server vulnerability exploited by attackers Read More »

Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’

Chrome, exploited, PoC, Vulnerabilities, vulnerability /

Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’ 2025-05-15 at 11:33 By Ionut Arghire Google has rolled out a Chrome 136 update that resolves a high-severity vulnerability for which a public exploit exists. The post Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’ appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’ Read More »

Vulnerabilities Patched by Juniper, VMware and Zoom 

Juniper, Patch Tuesday, VMWare, Vulnerabilities, vulnerability, Zoom /

Vulnerabilities Patched by Juniper, VMware and Zoom  2025-05-14 at 13:46 By Ionut Arghire Juniper Networks, VMware, and Zoom have announced patches for dozens of vulnerabilities across their products. The post Vulnerabilities Patched by Juniper, VMware and Zoom  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Vulnerabilities Patched by Juniper, VMware and Zoom  Read More »

Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers

exploited, Featured, Ivanti, Vulnerabilities, vulnerability, Zero-Day /

Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers 2025-05-14 at 11:01 By Ionut Arghire Ivanti has released patches for two EPMM vulnerabilities that have been chained in the wild for remote code execution. The post Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers Read More »

Scroll to Top