vulnerability

SolarWinds Patches Four Critical Serv-U Vulnerabilities

SolarWinds Patches Four Critical Serv-U Vulnerabilities 2026-02-25 at 17:30 By Ionut Arghire The four security defects could be exploited for remote code execution but require administrative privileges. The post SolarWinds Patches Four Critical Serv-U Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

SolarWinds Patches Four Critical Serv-U Vulnerabilities Read More »

The Week in Vulnerabilities: WordPress, BeyondTrust, and Critical ICS Bugs

The Week in Vulnerabilities: WordPress, BeyondTrust, and Critical ICS Bugs 2026-02-25 at 15:20 By Ashish Khaitan Cyble Research & Intelligence Labs (CRIL) tracked 1,102 vulnerabilities last week. Of these, 166 vulnerabilities already have publicly available Proof-of-Concept (PoC) exploits, significantly increasing the likelihood of real-world attacks. A total of 49 vulnerabilities were rated critical under CVSS v3.1, while 32 received critical

The Week in Vulnerabilities: WordPress, BeyondTrust, and Critical ICS Bugs Read More »

CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108)

CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108) 2026-02-25 at 12:14 By Zeljka Zorz CISA has added CVE-2026-25108, an OS command injection vulnerability in Soliton Systems’ FileZen secure file transfer solution, to its Known Exploited Vulnerabilities (KEV) catalog. The vendor has confirmed active exploitation, stating it has received multiple reports of damage caused

CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108) Read More »

VMware Aria Operations Vulnerability Could Allow Remote Code Execution

VMware Aria Operations Vulnerability Could Allow Remote Code Execution 2026-02-24 at 16:42 By Eduard Kovacs Broadcom has patched several vulnerabilities in VMware Aria Operations, including high-severity flaws. The post VMware Aria Operations Vulnerability Could Allow Remote Code Execution appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

VMware Aria Operations Vulnerability Could Allow Remote Code Execution Read More »

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover 2026-02-24 at 14:26 By Ionut Arghire Attackers can inject malicious instructions in a GitHub Issue that are automatically processed by Copilot when launching a Codespace from that issue. The post GitHub Issues Abused in Copilot Attack Leading to Repository Takeover appeared first on SecurityWeek. This

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover Read More »

The Week in Vulnerabilities: SolarWinds, Ivanti, and Critical ICS Exposure

The Week in Vulnerabilities: SolarWinds, Ivanti, and Critical ICS Exposure 2026-02-19 at 14:07 By Ashish Khaitan Cyble Research & Intelligence Labs (CRIL) tracked 1,158 vulnerabilities last week. Of these, 251 vulnerabilities already have publicly available Proof-of-Concept (PoC) exploits, significantly increasing the likelihood of real-world attacks.  A total of 94 vulnerabilities were rated critical under CVSS v3.1, while 43 were rated

The Week in Vulnerabilities: SolarWinds, Ivanti, and Critical ICS Exposure Read More »

Ransomware group breached SmarterTools via flaw in its SmarterMail deployment

Ransomware group breached SmarterTools via flaw in its SmarterMail deployment 2026-02-09 at 17:18 By Zeljka Zorz SmarterTools, the company behind the popular Microsoft Exchange alternative SmarterMail, has been breached by a ransomware-wielding group that leveraged a recently fixed vulnerability in that solution. How did the SmarterTools breach happen? Derek Curtis, the firm’s Chief Operating Officer,

Ransomware group breached SmarterTools via flaw in its SmarterMail deployment Read More »

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731)

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731) 2026-02-09 at 13:36 By Zeljka Zorz BeyondTrust fixed a critical remote code execution vulnerability (CVE-2026-1731) in its Remote Support (RS) and Privileged Remote Access (PRA) solutions and is urging self-hosted customers to apply the patch as soon a possible. Unlike the Remote Support zero-day

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731) Read More »

New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog

New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog 2026-02-09 at 11:10 By Kevin Townsend The KEV list is useful but largely misunderstood. KEVology explains what it is, and how best to use it. The post New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s

New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog Read More »

Critical SmarterMail Vulnerability Exploited in Ransomware Attacks

Critical SmarterMail Vulnerability Exploited in Ransomware Attacks 2026-02-06 at 09:54 By Ionut Arghire The security defect allows unauthenticated attackers to execute arbitrary code remotely via malicious HTTP requests. The post Critical SmarterMail Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical SmarterMail Vulnerability Exploited in Ransomware Attacks Read More »

Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog

Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog 2026-02-06 at 08:00 By Eduard Kovacs CISA updated 59 KEV entries in 2025 to specify that the vulnerabilities have been exploited in ransomware attacks. The post Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog appeared first on SecurityWeek. This article is an excerpt

Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog Read More »

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers 2026-02-05 at 18:17 By Zeljka Zorz CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in its Known Exploited Vulnerabilities (KEV) catalog. Researchers linked VMware ESXi zero-day trio to single exploit toolkit

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers Read More »

VS Code Configs Expose GitHub Codespaces to Attacks

VS Code Configs Expose GitHub Codespaces to Attacks 2026-02-05 at 16:59 By Ionut Arghire VS Code-integrated configuration files are automatically executed in Codespaces when the user opens a repository or pull request. The post VS Code Configs Expose GitHub Codespaces to Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

VS Code Configs Expose GitHub Codespaces to Attacks Read More »

Critical N8n Sandbox Escape Could Lead to Server Compromise

Critical N8n Sandbox Escape Could Lead to Server Compromise 2026-02-05 at 14:02 By Ionut Arghire The vulnerability could allow attackers to execute arbitrary commands and steal credentials and other secrets. The post Critical N8n Sandbox Escape Could Lead to Server Compromise appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical N8n Sandbox Escape Could Lead to Server Compromise Read More »

Cisco, F5 Patch High-Severity Vulnerabilities

Cisco, F5 Patch High-Severity Vulnerabilities 2026-02-05 at 12:06 By Ionut Arghire The security defects can lead to DoS conditions, arbitrary command execution, and privilege escalation. The post Cisco, F5 Patch High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Cisco, F5 Patch High-Severity Vulnerabilities Read More »

Vulnerabilities Allowed Full Compromise of Google Looker Instances

Vulnerabilities Allowed Full Compromise of Google Looker Instances 2026-02-04 at 15:45 By Eduard Kovacs The flaws dubbed LookOut can be exploited for remote code execution and data exfiltration. The post Vulnerabilities Allowed Full Compromise of Google Looker Instances appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Vulnerabilities Allowed Full Compromise of Google Looker Instances Read More »

DockerDash Flaw in Docker AI Assistant Leads to RCE, Data Theft

DockerDash Flaw in Docker AI Assistant Leads to RCE, Data Theft 2026-02-04 at 13:48 By Ionut Arghire The critical vulnerability exists in the contextual trust in MCP Gateway architecture, as instructions are passed without validation. The post DockerDash Flaw in Docker AI Assistant Leads to RCE, Data Theft appeared first on SecurityWeek. This article is

DockerDash Flaw in Docker AI Assistant Leads to RCE, Data Theft Read More »

Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk

Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk 2026-02-04 at 13:25 By Help Net Security Researchers at Tenable have disclosed two vulnerabilities, collectively referred to as “LookOut,” affecting Google Looker. Because the business intelligence platform is deployed by more than 60,000 organizations in 195 countries, the flaws could give attackers a path

Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk Read More »

Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks

Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks 2026-02-04 at 12:02 By Ionut Arghire Two IP addresses accounted for the majority of the 1.4 million exploitation attempts observed over the past week. The post Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks Read More »

Fresh SolarWinds Vulnerability Exploited in Attacks

Fresh SolarWinds Vulnerability Exploited in Attacks 2026-02-04 at 11:56 By Ionut Arghire The critical-severity SolarWinds Web Help Desk flaw could lead to unauthenticated remote code execution. The post Fresh SolarWinds Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Fresh SolarWinds Vulnerability Exploited in Attacks Read More »

Scroll to Top