vulnerability

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) 2025-03-28 at 12:57 By Zeljka Zorz Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser might have a similar flaw – and they found it. There’s currently no indication that the Firefox bug (CVE-2025-2857) […]

React to this headline:

Loading spinner

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) Read More »

Splunk Patches Dozens of Vulnerabilities

Splunk Patches Dozens of Vulnerabilities 2025-03-27 at 20:03 By Ionut Arghire Splunk patches high-severity remote code execution and information disclosure flaws in Splunk Enterprise and Secure Gateway App. The post Splunk Patches Dozens of Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Splunk Patches Dozens of Vulnerabilities Read More »

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) 2025-03-27 at 13:14 By Zeljka Zorz CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing servers (and likely the data stored on them). Attackers, especially ransomware gangs, have a penchant for leveraging 0-day

React to this headline:

Loading spinner

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) Read More »

More Solar System Vulnerabilities Expose Power Grids to Hacking 

More Solar System Vulnerabilities Expose Power Grids to Hacking  2025-03-27 at 12:32 By Eduard Kovacs Forescout has found dozens of vulnerabilities in solar power systems from Sungrow, Growatt and SMA. The post More Solar System Vulnerabilities Expose Power Grids to Hacking  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

More Solar System Vulnerabilities Expose Power Grids to Hacking  Read More »

Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras

Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras 2025-03-26 at 14:32 By Eduard Kovacs Production line monitoring cameras made by Inaba can be hacked for surveillance and sabotage, but they remain unpatched. The post Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras Read More »

Critical Next.js Vulnerability in Hacker Crosshairs

Critical Next.js Vulnerability in Hacker Crosshairs 2025-03-26 at 12:55 By Ionut Arghire Threat actors have started probing servers impacted by a critical-severity vulnerability in the web application development framework Next.js. The post Critical Next.js Vulnerability in Hacker Crosshairs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this

React to this headline:

Loading spinner

Critical Next.js Vulnerability in Hacker Crosshairs Read More »

Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover

Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover 2025-03-25 at 18:54 By Zeljka Zorz Wiz researchers have unearthed several critical vulnerabilities affecting Ingress NGINX Controller for Kubernetes (ingress-nginx) that may allow attackers to take over Kubernetes clusters. “Based on our analysis, about 43% of cloud environments are vulnerable to these vulnerabilities, with our research uncovering

React to this headline:

Loading spinner

Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover Read More »

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) 2025-03-24 at 15:17 By Zeljka Zorz A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should no have access to (e.g., the web app’s admin panel).

React to this headline:

Loading spinner

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) Read More »

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) 2025-03-21 at 13:33 By Zeljka Zorz A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and managed service providers (MSPs), is being actively exploited. The US Cybersecurity and Infrastructure Security Agency (CISA) has

React to this headline:

Loading spinner

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) Read More »

Veeam Patches Critical Vulnerability in Backup & Replication

Veeam Patches Critical Vulnerability in Backup & Replication 2025-03-20 at 15:11 By Ionut Arghire Veeam has released patches for a critical-severity remote code execution vulnerability in Backup & Replication. The post Veeam Patches Critical Vulnerability in Backup & Replication appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

Veeam Patches Critical Vulnerability in Backup & Replication Read More »

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) 2025-03-20 at 14:29 By Zeljka Zorz Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging customers to quickly upgrade to a fixed version. There is currently no indication that the

React to this headline:

Loading spinner

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) Read More »

Critical AMI BMC Vulnerability Exposes Servers to Disruption, Takeover 

Critical AMI BMC Vulnerability Exposes Servers to Disruption, Takeover  2025-03-18 at 18:33 By Eduard Kovacs A critical vulnerability affecting baseboard management controller (BMC) firmware made by AMI could expose many devices to remote attacks. The post Critical AMI BMC Vulnerability Exposes Servers to Disruption, Takeover  appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Critical AMI BMC Vulnerability Exposes Servers to Disruption, Takeover  Read More »

8,000 New WordPress Vulnerabilities Reported in 2024

8,000 New WordPress Vulnerabilities Reported in 2024 2025-03-17 at 18:14 By Ionut Arghire Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes. The post 8,000 New WordPress Vulnerabilities Reported in 2024 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

8,000 New WordPress Vulnerabilities Reported in 2024 Read More »

Nvidia Riva Vulnerabilities Allow Unauthorized Use of AI Services

Nvidia Riva Vulnerabilities Allow Unauthorized Use of AI Services 2025-03-17 at 13:16 By Eduard Kovacs Vulnerabilities in Nvidia Riva could allow hackers to abuse speech and translation AI services that are typically expensive.  The post Nvidia Riva Vulnerabilities Allow Unauthorized Use of AI Services appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Nvidia Riva Vulnerabilities Allow Unauthorized Use of AI Services Read More »

Cisco Patches 10 Vulnerabilities in IOS XR

Cisco Patches 10 Vulnerabilities in IOS XR 2025-03-13 at 18:02 By Ionut Arghire Cisco has released patches for 10 vulnerabilities in IOS XR, including five denial-of-service (DoS) bugs. The post Cisco Patches 10 Vulnerabilities in IOS XR appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Cisco Patches 10 Vulnerabilities in IOS XR Read More »

Zoom Patches 4 High-Severity Vulnerabilities

Zoom Patches 4 High-Severity Vulnerabilities 2025-03-12 at 17:04 By Eduard Kovacs Zoom has patched five vulnerabilities in its applications, including four high-severity flaws. The post Zoom Patches 4 High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Zoom Patches 4 High-Severity Vulnerabilities Read More »

Fortinet Patches 18 Vulnerabilities 

Fortinet Patches 18 Vulnerabilities  2025-03-12 at 14:52 By Eduard Kovacs Fortinet has published 17 new advisories to inform customers about 18 vulnerabilities patched in its products. The post Fortinet Patches 18 Vulnerabilities  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Fortinet Patches 18 Vulnerabilities  Read More »

SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver

SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver 2025-03-11 at 15:00 By Ionut Arghire SAP released 21 new security notes and updated three security notes on March 2025 security patch day. The post SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver Read More »

Details Disclosed for SCADA Flaws That Could Facilitate Industrial Attacks

Details Disclosed for SCADA Flaws That Could Facilitate Industrial Attacks 2025-03-10 at 19:01 By Eduard Kovacs Palo Alto Networks has shared details on several high-severity Mitsubishi Electric and Iconics SCADA vulnerabilities. The post Details Disclosed for SCADA Flaws That Could Facilitate Industrial Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

Details Disclosed for SCADA Flaws That Could Facilitate Industrial Attacks Read More »

Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities

Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities 2025-03-05 at 13:15 By Ionut Arghire Chrome 134 and Firefox 136 are rolling out across desktop and mobile with patches for multiple high-severity vulnerabilities. The post Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities Read More »

Scroll to Top