vulnerability

Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities

2026-01-13 at 21:52 By Eduard Kovacs Two vulnerabilities patched this month by Microsoft were disclosed publicly before fixes were released. The post Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Broadcom Wi-Fi Chipset Flaw Allows Hackers to Disrupt Networks

2026-01-13 at 17:45 By Eduard Kovacs The vulnerability was discovered in Asus routers, but all devices using the affected chipset are susceptible to attacks. The post Broadcom Wi-Fi Chipset Flaw Allows Hackers to Disrupt Networks appeared first on SecurityWeek.

Instagram Fixes Password Reset Vulnerability Amid User Data Leak

2026-01-12 at 16:35 By Ionut Arghire The social media platform confirmed that the issue allowed third parties to send password reset emails to Instagram users. The post Instagram Fixes Password Reset Vulnerability Amid User Data Leak appeared first on SecurityWeek.

Trend Micro Patches Critical Code Execution Flaw in Apex Central

2026-01-09 at 16:04 By Eduard Kovacs Tenable has released PoC code and technical details after the vendor announced the availability of patches for three vulnerabilities. The post Trend Micro Patches Critical Code Execution Flaw in Apex Central appeared first on SecurityWeek.

CISA Closes 10 Emergency Directives as Vulnerability Catalog Takes Over

2026-01-09 at 15:44 By Ionut Arghire The Emergency Directives were retired because they achieved objectives or targeted vulnerabilities included in the KEV catalog. The post CISA Closes 10 Emergency Directives as Vulnerability Catalog Takes Over appeared first on SecurityWeek.

The Week in Vulnerabilities: 2026 Starts with 100 PoCs and New Exploits 

2026-01-09 at 13:39 By Ashish Khaitan Cyble Vulnerability Intelligence researchers tracked 678 vulnerabilities in the last week, a decline from the high volume of new vulnerabilities observed in the last few weeks of 2025. Nearly 100 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks on those vulnerabilities. A total of 42 vulnerabilities were rated as critical under

Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164)

2026-01-08 at 16:43 By Zeljka Zorz An unauthenticated remote code execution vulnerability (CVE-2025-37164) affecting certain versions of HPE OneView is being leveraged by attackers, CISA confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. The vulnerability’s inclusion in the catalog is unsurprising, as technical

Critical Vulnerability Exposes n8n Instances to Takeover Attacks

2026-01-08 at 15:34 By Ionut Arghire Tracked as CVE-2026-21858 (CVSS score 10), the bug enables remote code execution without authentication. The post Critical Vulnerability Exposes n8n Instances to Takeover Attacks appeared first on SecurityWeek.

PoC released for unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258)

2026-01-08 at 14:08 By Zeljka Zorz Trend Micro has released a critical patch fixing several remotely exploitable vulnerabilities in Apex Central (on-premise), including a flaw (CVE-2025-69258) that may allow unauthenticated attackers to achieve code execution on affected installations. The three vulnerabilities were unearthed and

Critical HPE OneView Vulnerability Exploited in Attacks

2026-01-08 at 13:20 By Ionut Arghire The maximum-severity code injection flaw can be exploited without authentication for remote code execution. The post Critical HPE OneView Vulnerability Exploited in Attacks appeared first on SecurityWeek.

Vulnerability in Totolink Range Extender Allows Device Takeover

2026-01-07 at 16:05 By Ionut Arghire An error in the firmware-upload handler leads to devices starting an unauthenticated root-level Telnet service. The post Vulnerability in Totolink Range Extender Allows Device Takeover appeared first on SecurityWeek.

Several Code Execution Flaws Patched in Veeam Backup & Replication

2026-01-07 at 15:32 By Eduard Kovacs Four vulnerabilities have been fixed in the latest release of Veeam Backup & Replication. The post Several Code Execution Flaws Patched in Veeam Backup & Replication appeared first on SecurityWeek.

Critical Dolby Vulnerability Patched in Android

2026-01-06 at 15:59 By Eduard Kovacs The flaw is tracked as CVE-2025-54957 and its existence came to light in October 2025 after it was discovered by Google researchers. The post Critical Dolby Vulnerability Patched in Android appeared first on SecurityWeek.

Singapore Cyber Agency Warns of Critical IBM API Connect Vulnerability (CVE-2025-13915) 

2026-01-06 at 10:01 By Ashish Khaitan The Cyber Security Agency of Singapore has issued an alert regarding a critical vulnerability affecting IBM API Connect, following the release of official security updates by IBM on 2 January 2026. The flaw, tracked as CVE-2025-13915, carries a CVSS v3.1 base score of 9.8, placing

CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries

2026-01-05 at 17:15 By Ionut Arghire With 24 new vulnerabilities known to be exploited by ransomware groups, the list now includes 1,484 software and hardware flaws. The post CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries appeared first on SecurityWeek.

Researcher Spotlights WhatsApp Metadata Leak as Meta Begins Rolling Out Fixes

2026-01-05 at 14:18 By Eduard Kovacs WhatsApp device fingerprinting can be useful in the delivery of sophisticated spyware, but impact is very limited without a zero-day. The post Researcher Spotlights WhatsApp Metadata Leak as Meta Begins Rolling Out Fixes appeared first on SecurityWeek.

CISA Known Exploited Vulnerabilities Surged 20% in 2025 

2026-01-02 at 14:43 By Ashish Khaitan The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 245 vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025, as the database grew to 1,484 software and hardware flaws at high risk of cyberattacks. The agency removed at least one vulnerability from the catalog in 2025 – CVE-2025-6264, a Velociraptor Incorrect Default Permissions vulnerability that CISA determined had

Adobe ColdFusion Servers Targeted in Coordinated Campaign

2026-01-02 at 14:42 By Ionut Arghire GreyNoise has observed thousands of requests targeting a dozen vulnerabilities in Adobe ColdFusion during the Christmas 2025 holiday. The post Adobe ColdFusion Servers Targeted in Coordinated Campaign appeared first on SecurityWeek.

The Week in Vulnerabilities: The Year Ends with an Alarming New Trend 

2025-12-31 at 11:30 By Ashish Khaitan Cyble Vulnerability Intelligence researchers tracked 1,782 vulnerabilities in the last week, the third straight week that new vulnerabilities have been growing at twice their long-term rate. Over 282 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks on those vulnerabilities. A total of 207 vulnerabilities were rated as critical under the CVSS
