vulnerability

Actively exploited SonicWall zero-day patched (CVE-2025-40602)

Actively exploited SonicWall zero-day patched (CVE-2025-40602) 2025-12-17 at 18:46 By Zeljka Zorz SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the provided hotfix, as the flaw is being leveraged by attackers. “This vulnerability was reported to be leveraged in combination […]

Actively exploited SonicWall zero-day patched (CVE-2025-40602) Read More »

Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718)

Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718) 2025-12-17 at 16:31 By Zeljka Zorz Attackers are exploiting a recently revealed vulnerability (CVE-2025-59718) to bypass authentication on Fortinet’s FortiGate firewalls, and are leveraging the achieved access to export their system configuration files, Arctic Wolf researchers warned on Tuesday. Configuration files can expose information about

Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718) Read More »

JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover

JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover 2025-12-16 at 13:45 By Ionut Arghire The issue allows attackers to write arbitrary data to any file, or delete arbitrary files to obtain System privileges. The post JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover appeared first on SecurityWeek. This article is an excerpt from

JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover Read More »

The Week in Vulnerabilities: Cyble Tracks New ICS Threats, Zero-Days, and Active Exploitation

The Week in Vulnerabilities: Cyble Tracks New ICS Threats, Zero-Days, and Active Exploitation 2025-12-16 at 11:38 By Ashish Khaitan Last week’s reports from Cyble Research & Intelligence Labs (CRIL) to clients highlighted new flaws from December 03 through December 09, 2025, including newly disclosed IT vulnerabilities, ICS vulnerabilities, active exploitation attempts, and dark-web discussions around weaponized CVEs. Drawing from CISA alerts, CRIL’s global sensor network, and Cyble’s vulnerability intelligence

The Week in Vulnerabilities: Cyble Tracks New ICS Threats, Zero-Days, and Active Exploitation Read More »

In-the-Wild Exploitation of Fresh Fortinet Flaws Begins

In-the-Wild Exploitation of Fresh Fortinet Flaws Begins 2025-12-16 at 11:38 By Ionut Arghire Threat actors are exploiting the two critical authentication bypass vulnerabilities against FortiGate appliances. The post In-the-Wild Exploitation of Fresh Fortinet Flaws Begins appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

In-the-Wild Exploitation of Fresh Fortinet Flaws Begins Read More »

Recent GeoServer Vulnerability Exploited in Attacks

Recent GeoServer Vulnerability Exploited in Attacks 2025-12-12 at 15:31 By Ionut Arghire Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request. The post Recent GeoServer Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Recent GeoServer Vulnerability Exploited in Attacks Read More »

$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits

$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits 2025-12-12 at 09:51 By Eduard Kovacs Participants earned rewards at the hacking competition for Grafana, Linux Kernel, Redis, MariaDB, and PostgreSQL vulnerabilities. The post $320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits Read More »

Fortinet Patches Critical Authentication Bypass Vulnerabilities

Fortinet Patches Critical Authentication Bypass Vulnerabilities 2025-12-10 at 15:18 By Ionut Arghire The two security defects impact FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO login authentication enabled. The post Fortinet Patches Critical Authentication Bypass Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Fortinet Patches Critical Authentication Bypass Vulnerabilities Read More »

Ivanti EPM Update Patches Critical Remote Code Execution Flaw

Ivanti EPM Update Patches Critical Remote Code Execution Flaw 2025-12-10 at 14:39 By Ionut Arghire The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges. The post Ivanti EPM Update Patches Critical Remote Code Execution Flaw appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Ivanti EPM Update Patches Critical Remote Code Execution Flaw Read More »

SAP Patches Critical Vulnerabilities With December 2025 Security Updates

SAP Patches Critical Vulnerabilities With December 2025 Security Updates 2025-12-10 at 14:39 By Ionut Arghire Affecting Solution Manager, Commerce Cloud, and jConnect SDK, the bugs could lead to code injection and remote code execution. The post SAP Patches Critical Vulnerabilities With December 2025 Security Updates appeared first on SecurityWeek. This article is an excerpt from

SAP Patches Critical Vulnerabilities With December 2025 Security Updates Read More »

Intel, AMD Processors Affected by PCIe Vulnerabilities

Intel, AMD Processors Affected by PCIe Vulnerabilities 2025-12-10 at 10:22 By Eduard Kovacs The PCIe flaws, found by Intel employees, can be exploited for information disclosure, escalation of privilege, or DoS. The post Intel, AMD Processors Affected by PCIe Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Intel, AMD Processors Affected by PCIe Vulnerabilities Read More »

The Week in Vulnerabilities: Cyble Urges D-Link, React Server Fixes

The Week in Vulnerabilities: Cyble Urges D-Link, React Server Fixes 2025-12-10 at 08:53 By Ashish Khaitan Cyble Vulnerability Intelligence researchers tracked 591 vulnerabilities in the last week, and more than 30 already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks on those vulnerabilities.  A total of 69 vulnerabilities were rated as critical under the CVSS v3.1 scoring system, while 26 received a critical severity

The Week in Vulnerabilities: Cyble Urges D-Link, React Server Fixes Read More »

Zero-Day to Zero-Hour: React2Shell (CVE-2025-55182) Becomes One of the Most Rapidly Weaponized RSC Vulnerability 

Zero-Day to Zero-Hour: React2Shell (CVE-2025-55182) Becomes One of the Most Rapidly Weaponized RSC Vulnerability  2025-12-10 at 08:53 By Ashish Khaitan The vulnerability disclosure cycle has entered a new era, one where the gap between publication and weaponization is measured in minutes, not days. It has been confirmed that China-nexus threat actors began actively exploiting a critical React Server Components flaw, React2Shell,

Zero-Day to Zero-Hour: React2Shell (CVE-2025-55182) Becomes One of the Most Rapidly Weaponized RSC Vulnerability  Read More »

Microsoft Patches 57 Vulnerabilities, Three Zero-Days

Microsoft Patches 57 Vulnerabilities, Three Zero-Days 2025-12-10 at 00:44 By Ionut Arghire Microsoft has addressed a Windows vulnerability exploited as zero-day that allows attackers to obtain System privileges. The post Microsoft Patches 57 Vulnerabilities, Three Zero-Days appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Microsoft Patches 57 Vulnerabilities, Three Zero-Days Read More »

Adobe Patches Nearly 140 Vulnerabilities

Adobe Patches Nearly 140 Vulnerabilities 2025-12-10 at 00:44 By Ionut Arghire The Experience Manager security update resolves 117 vulnerabilities, including 116 identified as cross-site scripting (XSS) bugs. The post Adobe Patches Nearly 140 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Adobe Patches Nearly 140 Vulnerabilities Read More »

Critical Apache Tika Vulnerability Leads to XXE Injection

Critical Apache Tika Vulnerability Leads to XXE Injection 2025-12-08 at 13:58 By Ionut Arghire The bug allows attackers to carry out XML External Entity (XXE) injection attacks via crafted XFA files inside PDF files. The post Critical Apache Tika Vulnerability Leads to XXE Injection appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Critical Apache Tika Vulnerability Leads to XXE Injection Read More »

Exploitation of React2Shell Surges

Exploitation of React2Shell Surges 2025-12-08 at 12:00 By Eduard Kovacs An increasing number of threat actors have been attempting to exploit the React vulnerability CVE-2025-55182 in their attacks. The post Exploitation of React2Shell Surges appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Exploitation of React2Shell Surges Read More »

Chinese Hackers Exploiting React2Shell Vulnerability

Chinese Hackers Exploiting React2Shell Vulnerability 2025-12-05 at 10:30 By Eduard Kovacs AWS has seen multiple China-linked threat groups attempting to exploit the React vulnerability CVE-2025-55182. The post Chinese Hackers Exploiting React2Shell Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chinese Hackers Exploiting React2Shell Vulnerability Read More »

Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182)

Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182) 2025-12-04 at 14:32 By Zeljka Zorz A critical vulnerability (CVE-2025-55182) in React Server Components (RSC) may allow unauthenticated attackers to achieve remote code exection on the application server, the React development team warned on Wednesday. The maximum-severity vulnerability was privately reported by Lachlan Davidson and has

Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182) Read More »

Scroll to Top