vulnerability

The Week in Vulnerabilities: The Year Ends with an Alarming New Trend 

cyber news, vulnerability, vulnerability management /

The Week in Vulnerabilities: The Year Ends with an Alarming New Trend  2025-12-31 at 11:30 By Ashish Khaitan Cyble Vulnerability Intelligence researchers tracked 1,782 vulnerabilities in the last week, the third straight week that new vulnerabilities have been growing at twice their long-term rate.  Over 282 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks on those vulnerabilities.  A total of 207 vulnerabilities were rated as critical under the CVSS […]

The Week in Vulnerabilities: The Year Ends with an Alarming New Trend  Read More »

Fresh MongoDB Vulnerability Exploited in Attacks

exploited, MongoBleed, MongoDB, Vulnerabilities, vulnerability /

Fresh MongoDB Vulnerability Exploited in Attacks 2025-12-29 at 12:02 By Ionut Arghire Dubbed MongoBleed, the high-severity flaw allows unauthenticated, remote attackers to leak sensitive information from MongoDB servers. The post Fresh MongoDB Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Fresh MongoDB Vulnerability Exploited in Attacks Read More »

The Week in Vulnerabilities: More Than 2,000 New Flaws Emerge 

vulnerability, vulnerability management /

The Week in Vulnerabilities: More Than 2,000 New Flaws Emerge  2025-12-23 at 14:47 By Ashish Khaitan Cyble Vulnerability Intelligence researchers tracked 2,415 vulnerabilities in the last week, a significant increase over even last week’s very high number of new vulnerabilities. The increase signals a heightened risk landscape and expanding attack surface in the current threat environment.  Over 300 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks. 

The Week in Vulnerabilities: More Than 2,000 New Flaws Emerge  Read More »

WatchGuard Firebox firewalls under attack (CVE-2025-14733)

CISA, Don't miss, firewall, Hot stuff, News, vulnerability, WatchGuard /

WatchGuard Firebox firewalls under attack (CVE-2025-14733) 2025-12-22 at 13:24 By Zeljka Zorz More than 115,000 internet-facing WatchGuard Firebox firewalls may be vulnerable to compromise via CVE-2025-14733, a remote code execution vulnerability actively targeted by attackers, Shadowserver’s latest scanning reveals. About CVE-2025-14733 WatchGuard Firebox firewalls, which also incorporate VPN and unified threat management capabilities, are used

WatchGuard Firebox firewalls under attack (CVE-2025-14733) Read More »

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns

cyberattack, exploit, Malware, phishing, Remote Access Trojan, social engineering, trojan, vulnerability /

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns 2025-12-19 at 14:43 By rohansinhacyblecom Executive Summary CRIL (Cyble Research and Intelligence Labs) has been tracking a sophisticated commodity loader utilized by multiple high-capability threat actors. The campaign demonstrates a high degree of regional and sectoral specificity, primarily targeting Manufacturing and Government organizations across

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns Read More »

UEFI Vulnerability in Major Motherboards Enables Early-Boot Attacks

boot, DMA, Endpoint Security, motherboard, security bypass, UEFI, vulnerability /

UEFI Vulnerability in Major Motherboards Enables Early-Boot Attacks 2025-12-18 at 17:42 By Eduard Kovacs ASRock, Asus, Gigabyte, and MSI motherboards are vulnerable to early-boot DMA attacks. The post UEFI Vulnerability in Major Motherboards Enables Early-Boot Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

UEFI Vulnerability in Major Motherboards Enables Early-Boot Attacks Read More »

HPE Patches Critical Flaw in IT Infrastructure Management Software

HPE, Vulnerabilities, vulnerability /

HPE Patches Critical Flaw in IT Infrastructure Management Software 2025-12-18 at 17:42 By Ionut Arghire Tracked as CVE-2025-37164, the critical flaw could allow unauthenticated, remote attackers to execute arbitrary code. The post HPE Patches Critical Flaw in IT Infrastructure Management Software appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

HPE Patches Critical Flaw in IT Infrastructure Management Software Read More »

CISA Warns of Exploited Flaw in Asus Update Tool

Asus, CISA KEV, exploited, Vulnerabilities, vulnerability /

CISA Warns of Exploited Flaw in Asus Update Tool 2025-12-18 at 15:37 By Ionut Arghire Tracked as CVE-2025-59374, the issue is a software backdoor implanted in Asus Live Update in a supply chain attack. The post CISA Warns of Exploited Flaw in Asus Update Tool appeared first on SecurityWeek. This article is an excerpt from

CISA Warns of Exploited Flaw in Asus Update Tool Read More »

Actively exploited SonicWall zero-day patched (CVE-2025-40602)

0-day, Don't miss, Google Cloud, Hot stuff, News, SonicWall, vulnerability /

Actively exploited SonicWall zero-day patched (CVE-2025-40602) 2025-12-17 at 18:46 By Zeljka Zorz SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the provided hotfix, as the flaw is being leveraged by attackers. “This vulnerability was reported to be leveraged in combination

Actively exploited SonicWall zero-day patched (CVE-2025-40602) Read More »

Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718)

Arctic Wolf Networks, CISA, Don't miss, firewall, Fortinet, Hot stuff, News, vulnerability /

Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718) 2025-12-17 at 16:31 By Zeljka Zorz Attackers are exploiting a recently revealed vulnerability (CVE-2025-59718) to bypass authentication on Fortinet’s FortiGate firewalls, and are leveraging the achieved access to export their system configuration files, Arctic Wolf researchers warned on Tuesday. Configuration files can expose information about

Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718) Read More »

JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover

JumpCloud, JumpCloud Remote Assist, privilege escalation, Vulnerabilities, vulnerability /

JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover 2025-12-16 at 13:45 By Ionut Arghire The issue allows attackers to write arbitrary data to any file, or delete arbitrary files to obtain System privileges. The post JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover appeared first on SecurityWeek. This article is an excerpt from

JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover Read More »

The Week in Vulnerabilities: Cyble Tracks New ICS Threats, Zero-Days, and Active Exploitation

vulnerability, vulnerability management /

The Week in Vulnerabilities: Cyble Tracks New ICS Threats, Zero-Days, and Active Exploitation 2025-12-16 at 11:38 By Ashish Khaitan Last week’s reports from Cyble Research & Intelligence Labs (CRIL) to clients highlighted new flaws from December 03 through December 09, 2025, including newly disclosed IT vulnerabilities, ICS vulnerabilities, active exploitation attempts, and dark-web discussions around weaponized CVEs. Drawing from CISA alerts, CRIL’s global sensor network, and Cyble’s vulnerability intelligence

The Week in Vulnerabilities: Cyble Tracks New ICS Threats, Zero-Days, and Active Exploitation Read More »

In-the-Wild Exploitation of Fresh Fortinet Flaws Begins

exploited, Featured, Fortinet, Vulnerabilities, vulnerability /

In-the-Wild Exploitation of Fresh Fortinet Flaws Begins 2025-12-16 at 11:38 By Ionut Arghire Threat actors are exploiting the two critical authentication bypass vulnerabilities against FortiGate appliances. The post In-the-Wild Exploitation of Fresh Fortinet Flaws Begins appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

In-the-Wild Exploitation of Fresh Fortinet Flaws Begins Read More »

Recent GeoServer Vulnerability Exploited in Attacks

CISA KEV, exploited, GeoServer, Vulnerabilities, vulnerability /

Recent GeoServer Vulnerability Exploited in Attacks 2025-12-12 at 15:31 By Ionut Arghire Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request. The post Recent GeoServer Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Recent GeoServer Vulnerability Exploited in Attacks Read More »

$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits

cloud security, exploit, hacking competition, open source, Vulnerabilities, vulnerability, Zeroday.Cloud /

$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits 2025-12-12 at 09:51 By Eduard Kovacs Participants earned rewards at the hacking competition for Grafana, Linux Kernel, Redis, MariaDB, and PostgreSQL vulnerabilities. The post $320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits Read More »

Fortinet Patches Critical Authentication Bypass Vulnerabilities

Fortinet, patch, Vulnerabilities, vulnerability /

Fortinet Patches Critical Authentication Bypass Vulnerabilities 2025-12-10 at 15:18 By Ionut Arghire The two security defects impact FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO login authentication enabled. The post Fortinet Patches Critical Authentication Bypass Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Fortinet Patches Critical Authentication Bypass Vulnerabilities Read More »

Ivanti EPM Update Patches Critical Remote Code Execution Flaw

Ivanti, Vulnerabilities, vulnerability /

Ivanti EPM Update Patches Critical Remote Code Execution Flaw 2025-12-10 at 14:39 By Ionut Arghire The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges. The post Ivanti EPM Update Patches Critical Remote Code Execution Flaw appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Ivanti EPM Update Patches Critical Remote Code Execution Flaw Read More »

SAP Patches Critical Vulnerabilities With December 2025 Security Updates

patch, SAP, Vulnerabilities, vulnerability /

SAP Patches Critical Vulnerabilities With December 2025 Security Updates 2025-12-10 at 14:39 By Ionut Arghire Affecting Solution Manager, Commerce Cloud, and jConnect SDK, the bugs could lead to code injection and remote code execution. The post SAP Patches Critical Vulnerabilities With December 2025 Security Updates appeared first on SecurityWeek. This article is an excerpt from

SAP Patches Critical Vulnerabilities With December 2025 Security Updates Read More »

Intel, AMD Processors Affected by PCIe Vulnerabilities

Amd, CPU, Endpoint Security, Featured, Intel, PCI Express, PCIe, vulnerability /

Intel, AMD Processors Affected by PCIe Vulnerabilities 2025-12-10 at 10:22 By Eduard Kovacs The PCIe flaws, found by Intel employees, can be exploited for information disclosure, escalation of privilege, or DoS. The post Intel, AMD Processors Affected by PCIe Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Intel, AMD Processors Affected by PCIe Vulnerabilities Read More »

Scroll to Top