vulnerability

Critical Vulnerability Exposes n8n Instances to Takeover Attacks

Critical Vulnerability Exposes n8n Instances to Takeover Attacks 2026-01-08 at 15:34 By Ionut Arghire Tracked as CVE-2026-21858 (CVSS score 10), the bug enables remote code execution without authentication. The post Critical Vulnerability Exposes n8n Instances to Takeover Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical Vulnerability Exposes n8n Instances to Takeover Attacks Read More »

PoC released for unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258)

PoC released for unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258) 2026-01-08 at 14:08 By Zeljka Zorz Trend Micro has released a critical patch fixing several remotely exploitable vulnerabilities in Apex Central (on-premise), including a flaw (CVE-2025-69258) that may allow unauthenticated attackers to achieve code execution on affected installations. The three vulnerabilities were unearthed and

PoC released for unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258) Read More »

Critical HPE OneView Vulnerability Exploited in Attacks

Critical HPE OneView Vulnerability Exploited in Attacks 2026-01-08 at 13:20 By Ionut Arghire The maximum-severity code injection flaw can be exploited without authentication for remote code execution. The post Critical HPE OneView Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical HPE OneView Vulnerability Exploited in Attacks Read More »

Vulnerability in Totolink Range Extender Allows Device Takeover

Vulnerability in Totolink Range Extender Allows Device Takeover 2026-01-07 at 16:05 By Ionut Arghire An error in the firmware-upload handler leads to devices starting an unauthenticated root-level Telnet service. The post Vulnerability in Totolink Range Extender Allows Device Takeover appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Vulnerability in Totolink Range Extender Allows Device Takeover Read More »

Several Code Execution Flaws Patched in Veeam Backup & Replication

Several Code Execution Flaws Patched in Veeam Backup & Replication 2026-01-07 at 15:32 By Eduard Kovacs Four vulnerabilities have been fixed in the latest release of Veeam Backup & Replication. The post Several Code Execution Flaws Patched in Veeam Backup & Replication appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Several Code Execution Flaws Patched in Veeam Backup & Replication Read More »

Critical Dolby Vulnerability Patched in Android

Critical Dolby Vulnerability Patched in Android 2026-01-06 at 15:59 By Eduard Kovacs The flaw is tracked as CVE-2025-54957 and its existence came to light in October 2025 after it was discovered by Google researchers. The post Critical Dolby Vulnerability Patched in Android appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Critical Dolby Vulnerability Patched in Android Read More »

Singapore Cyber Agency Warns of Critical IBM API Connect Vulnerability (CVE-2025-13915) 

Singapore Cyber Agency Warns of Critical IBM API Connect Vulnerability (CVE-2025-13915)  2026-01-06 at 10:01 By Ashish Khaitan Overview  The Cyber Security Agency of Singapore has issued an alert regarding a critical vulnerability affecting IBM API Connect, following the release of official security updates by IBM on 2 January 2026. The flaw, tracked as CVE-2025-13915, carries a CVSS v3.1 base score of 9.8, placing

Singapore Cyber Agency Warns of Critical IBM API Connect Vulnerability (CVE-2025-13915)  Read More »

CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries

CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries 2026-01-05 at 17:15 By Ionut Arghire With 24 new vulnerabilities known to be exploited by ransomware groups, the list now includes 1,484 software and hardware flaws. The post CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries appeared first on SecurityWeek. This article is

CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries Read More »

Researcher Spotlights WhatsApp Metadata Leak as Meta Begins Rolling Out Fixes

Researcher Spotlights WhatsApp Metadata Leak as Meta Begins Rolling Out Fixes 2026-01-05 at 14:18 By Eduard Kovacs WhatsApp device fingerprinting can be useful in the delivery of sophisticated spyware, but impact is very limited without a zero-day. The post Researcher Spotlights WhatsApp Metadata Leak as Meta Begins Rolling Out Fixes appeared first on SecurityWeek. This

Researcher Spotlights WhatsApp Metadata Leak as Meta Begins Rolling Out Fixes Read More »

CISA Known Exploited Vulnerabilities Surged 20% in 2025 

CISA Known Exploited Vulnerabilities Surged 20% in 2025  2026-01-02 at 14:43 By Ashish Khaitan The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 245 vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025, as the database grew to 1,484 software and hardware flaws at high risk of cyberattacks.  The agency removed at least one vulnerability from the catalog in 2025 – CVE-2025-6264, a Velociraptor Incorrect Default Permissions vulnerability that CISA determined had

CISA Known Exploited Vulnerabilities Surged 20% in 2025  Read More »

Adobe ColdFusion Servers Targeted in Coordinated Campaign

Adobe ColdFusion Servers Targeted in Coordinated Campaign 2026-01-02 at 14:42 By Ionut Arghire GreyNoise has observed thousands of requests targeting a dozen vulnerabilities in Adobe ColdFusion during the Christmas 2025 holiday. The post Adobe ColdFusion Servers Targeted in Coordinated Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Adobe ColdFusion Servers Targeted in Coordinated Campaign Read More »

The Week in Vulnerabilities: The Year Ends with an Alarming New Trend 

The Week in Vulnerabilities: The Year Ends with an Alarming New Trend  2025-12-31 at 11:30 By Ashish Khaitan Cyble Vulnerability Intelligence researchers tracked 1,782 vulnerabilities in the last week, the third straight week that new vulnerabilities have been growing at twice their long-term rate.  Over 282 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks on those vulnerabilities.  A total of 207 vulnerabilities were rated as critical under the CVSS

The Week in Vulnerabilities: The Year Ends with an Alarming New Trend  Read More »

Fresh MongoDB Vulnerability Exploited in Attacks

Fresh MongoDB Vulnerability Exploited in Attacks 2025-12-29 at 12:02 By Ionut Arghire Dubbed MongoBleed, the high-severity flaw allows unauthenticated, remote attackers to leak sensitive information from MongoDB servers. The post Fresh MongoDB Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Fresh MongoDB Vulnerability Exploited in Attacks Read More »

The Week in Vulnerabilities: More Than 2,000 New Flaws Emerge 

The Week in Vulnerabilities: More Than 2,000 New Flaws Emerge  2025-12-23 at 14:47 By Ashish Khaitan Cyble Vulnerability Intelligence researchers tracked 2,415 vulnerabilities in the last week, a significant increase over even last week’s very high number of new vulnerabilities. The increase signals a heightened risk landscape and expanding attack surface in the current threat environment.  Over 300 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks. 

The Week in Vulnerabilities: More Than 2,000 New Flaws Emerge  Read More »

WatchGuard Firebox firewalls under attack (CVE-2025-14733)

WatchGuard Firebox firewalls under attack (CVE-2025-14733) 2025-12-22 at 13:24 By Zeljka Zorz More than 115,000 internet-facing WatchGuard Firebox firewalls may be vulnerable to compromise via CVE-2025-14733, a remote code execution vulnerability actively targeted by attackers, Shadowserver’s latest scanning reveals. About CVE-2025-14733 WatchGuard Firebox firewalls, which also incorporate VPN and unified threat management capabilities, are used

WatchGuard Firebox firewalls under attack (CVE-2025-14733) Read More »

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns 2025-12-19 at 14:43 By rohansinhacyblecom Executive Summary CRIL (Cyble Research and Intelligence Labs) has been tracking a sophisticated commodity loader utilized by multiple high-capability threat actors. The campaign demonstrates a high degree of regional and sectoral specificity, primarily targeting Manufacturing and Government organizations across

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns Read More »

UEFI Vulnerability in Major Motherboards Enables Early-Boot Attacks

UEFI Vulnerability in Major Motherboards Enables Early-Boot Attacks 2025-12-18 at 17:42 By Eduard Kovacs ASRock, Asus, Gigabyte, and MSI motherboards are vulnerable to early-boot DMA attacks. The post UEFI Vulnerability in Major Motherboards Enables Early-Boot Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

UEFI Vulnerability in Major Motherboards Enables Early-Boot Attacks Read More »

HPE Patches Critical Flaw in IT Infrastructure Management Software

HPE Patches Critical Flaw in IT Infrastructure Management Software 2025-12-18 at 17:42 By Ionut Arghire Tracked as CVE-2025-37164, the critical flaw could allow unauthenticated, remote attackers to execute arbitrary code. The post HPE Patches Critical Flaw in IT Infrastructure Management Software appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

HPE Patches Critical Flaw in IT Infrastructure Management Software Read More »

CISA Warns of Exploited Flaw in Asus Update Tool

CISA Warns of Exploited Flaw in Asus Update Tool 2025-12-18 at 15:37 By Ionut Arghire Tracked as CVE-2025-59374, the issue is a software backdoor implanted in Asus Live Update in a supply chain attack. The post CISA Warns of Exploited Flaw in Asus Update Tool appeared first on SecurityWeek. This article is an excerpt from

CISA Warns of Exploited Flaw in Asus Update Tool Read More »

Scroll to Top