vulnerability

300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158

2025-08-27 at 14:29, by Zeljka Zorz. Over 300,000 internet-facing Plex Media Server instances are still vulnerable to attack via CVE-2025-34158, a critical vulnerability for which Plex issued a fix earlier this month, Censys has warned. About CVE-2025-34158: Plex Media Server (PMS) is […]


Docker Desktop Vulnerability Leads to Host Compromise

2025-08-26 at 14:34, by Ionut Arghire. A critical vulnerability in Docker Desktop allows attackers to modify the filesystem of Windows hosts to become administrators. The post Docker Desktop Vulnerability Leads to Host Compromise appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.


Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384)

2025-08-26 at 13:47, by Zeljka Zorz. CVE-2025-48384, a recently patched vulnerability in the popular distributed revision control system Git, is being exploited by attackers. Details about the attacks are not public, but the confirmation of exploitation comes from the US Cybersecurity and Infrastructure Security


Russian threat actors using old Cisco bug to target critical infrastructure orgs

2025-08-21 at 18:07, by Zeljka Zorz. A threat group linked to the Russian Federal Security Service’s (FSB) Center 16 unit has been compromising unpatched and end-of-life Cisco networking devices via an old vulnerability (CVE-2018-0171), the FBI and Cisco warned on Wednesday. “Primary targets


Password Managers Vulnerable to Data Theft via Clickjacking

2025-08-21 at 15:18, by Eduard Kovacs. A researcher has tested nearly a dozen password managers and found that they were all vulnerable to clickjacking attacks. The post Password Managers Vulnerable to Data Theft via Clickjacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.


Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999)

2025-08-20 at 19:25, by Zeljka Zorz. A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made public by VX Underground, Onapsis security researchers have warned. The exploit has allegedly been released on a Telegram


High-Severity Vulnerabilities Patched in Chrome, Firefox

2025-08-20 at 11:19, by Ionut Arghire. Google and Mozilla have released patches for multiple high-severity vulnerabilities affecting Chrome and Firefox. The post High-Severity Vulnerabilities Patched in Chrome, Firefox appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.


Watch Now: CodeSecCon – Where Software Security’s Next Chapter Unfolds (Virtual Event)

2025-08-16 at 16:58, by SecurityWeek News. CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained. The post Watch Now: CodeSecCon – Where Software Security’s Next Chapter Unfolds (Virtual Event) appeared


Cisco Patches Critical Vulnerability in Firewall Management Platform

2025-08-15 at 10:48, by Eduard Kovacs. Cisco has released over 20 advisories as part of its August 2025 bundled publication for ASA, FMC and FTD products. The post Cisco Patches Critical Vulnerability in Firewall Management Platform appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.


Vulnerabilities in Xerox Print Orchestration Product Allow Remote Code Execution

2025-08-14 at 17:04, by Eduard Kovacs. Path traversal and XXE injection flaws allowing unauthenticated remote code execution have been patched in Xerox FreeFlow Core. The post Vulnerabilities in Xerox Print Orchestration Product Allow Remote Code Execution appeared first on SecurityWeek. This article is an excerpt


‘MadeYouReset’ HTTP2 Vulnerability Enables Massive DDoS Attacks

2025-08-14 at 14:31, by Eduard Kovacs. The new DDoS attack vector, which involves HTTP/2 implementation flaws, has been compared to Rapid Reset. The post ‘MadeYouReset’ HTTP2 Vulnerability Enables Massive DDoS Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.


Vulnerabilities in MSP-friendly RMM solution exploited in the wild (CVE-2025-8875, CVE-2025-8876)

2025-08-14 at 13:33, by Zeljka Zorz. Two vulnerabilities (CVE-2025-8875, CVE-2025-8876) in N-central, a remote monitoring and management (RMM) solution by N-able that’s popular with managed service providers, are being exploited by attackers. There are no public reports of exploitation, but the confirmation came from


Croatian research institute confirms ransomware attack via ToolShell vulnerabilities

2025-08-13 at 18:01, by Zeljka Zorz. The Ruđer Bošković Institute (RBI), the largest Croatian science and technology research institute, has confirmed that it was one of “at least 9,000 institutions worldwide” that were attacked using the Microsoft SharePoint “ToolShell” vulnerabilities. The attack happened on Thursday,


Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia

2025-08-13 at 15:35, by Eduard Kovacs. Intel, AMD and Nvidia have published security advisories describing vulnerabilities found recently in their products. The post Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.


Microsoft Patches Over 100 Vulnerabilities

2025-08-13 at 07:02, by Eduard Kovacs. Microsoft’s August 2025 Patch Tuesday updates address critical vulnerabilities in Windows, Office, and Hyper-V. The post Microsoft Patches Over 100 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.


CodeSecCon Is Today: Where Software Security’s Next Chapter Unfolds (Virtual Event)

2025-08-12 at 15:35, by SecurityWeek News. Taking place August 12-13, CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained. The post CodeSecCon Is Today: Where Software Security’s Next Chapter Unfolds (Virtual


SAP Patches Critical S/4HANA Vulnerability

2025-08-12 at 14:42, by Eduard Kovacs. SAP has released 15 new security notes on the August 2025 Patch Tuesday, including for critical vulnerabilities. The post SAP Patches Critical S/4HANA Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.


Chrome Sandbox Escape Earns Researcher $250,000

2025-08-11 at 17:17, by Eduard Kovacs. A researcher has been given the highest reward in Google’s Chrome bug bounty program for a sandbox escape with remote code execution. The post Chrome Sandbox Escape Earns Researcher $250,000 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.


Win-DDoS: Attackers can turn public domain controllers into DDoS agents

2025-08-11 at 16:02, by Zeljka Zorz. SafeBreach researchers have released details on several vulnerabilities that could be exploited by attackers to crash Windows Active Directory domain controllers (DCs), one of which (CVE-2025-32724) can also be leveraged to force public DCs to participate in distributed


WinRAR zero day exploited by RomCom hackers in targeted attacks

2025-08-11 at 12:55, by Sinisa Markovic. ESET researchers have discovered a previously unknown vulnerability in WinRAR, exploited in the wild by Russia-aligned group RomCom. If you use WinRAR or related components such as the Windows versions of its command line tools, UnRAR.dll, or the portable
