vulnerability

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)

2025-10-20 at 20:10, by Zeljka Zorz. Moxa has fixed 5 vulnerabilities in its industrial network security appliances and routers, including a remotely exploitable flaw (CVE-2025-6950) that may result in complete system compromise. There’s no mention of these flaws being exploited in the wild, but due […]

ConnectWise Patches Critical Flaw in Automate RMM Tool

2025-10-20 at 16:07, by Ionut Arghire. Attackers could exploit vulnerable deployments to intercept and tamper with communications in certain configurations. First published on SecurityWeek.

Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks

2025-10-20 at 12:49, by Ionut Arghire. On Android, the out-of-bounds write issue can be triggered during the processing of media files without user interaction. First published on SecurityWeek.

‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability

2025-10-17 at 15:59, by Ionut Arghire. CVE-2025-55315 is an HTTP request smuggling bug leading to information leaks, file content tampering, and server crashes. First published on SecurityWeek.

Gladinet Patches Exploited CentreStack Vulnerability

2025-10-17 at 11:19, by Ionut Arghire. The unauthenticated local file inclusion bug allows attackers to retrieve the machine key and execute code remotely via a ViewState deserialization issue. First published on SecurityWeek.

“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253)

2025-10-16 at 19:52, by Zeljka Zorz. CISA has added CVE-2025-54253, a misconfiguration vulnerability in Adobe Experience Manager (AEM) Forms on Java Enterprise Edition (JEE), to its Known Exploited Vulnerabilities catalog, thus warning of detected in-the-wild exploitation. Adobe fixed the vulnerability in August 2025, along with CVE-2025-54254,

Fuji Electric HMI Configurator Flaws Expose Industrial Organizations to Hacking

2025-10-16 at 15:17, by Eduard Kovacs. Fuji Electric has released patches and Japan’s JPCERT has informed organizations about the vulnerabilities. First published on SecurityWeek.

Humanoid robot found vulnerable to Bluetooth hack, data leaks to China

2025-10-16 at 07:33, by Sinisa Markovic. Alias Robotics has published an analysis of the Unitree G1 humanoid robot, concluding that the device can be exploited as a tool for espionage and cyber attacks. A robot that can be hacked through Bluetooth Their tests show

Adobe Patches Critical Vulnerability in Connect Collaboration Suite

2025-10-15 at 07:40, by Ionut Arghire. Adobe has published a dozen security advisories detailing over 35 vulnerabilities across its product portfolio. First published on SecurityWeek.

Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws

2025-10-15 at 07:40, by Ionut Arghire. The tech giant has rolled out fixes for 173 CVEs, including five critical-severity security defects. First published on SecurityWeek.

Oracle Patches EBS Vulnerability Allowing Access to Sensitive Data

2025-10-13 at 16:03, by Eduard Kovacs. It’s unclear if the new Oracle E-Business Suite flaw, which can be exploited remotely without authentication, has been used in the wild. First published on SecurityWeek.

Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884)

2025-10-12 at 13:18, by Zeljka Zorz. Oracle has revealed the existence of yet another remotely exploitable Oracle E-Business Suite vulnerability (CVE-2025-61884). About CVE-2025-61884 CVE-2025-61884 is a vulnerability in the Runtime user interface in the Oracle Configurator product of Oracle E-Business Suite (EBS). Like CVE-2025-61882 before

Juniper Networks Patches Critical Junos Space Vulnerabilities

2025-10-10 at 13:40, by Ionut Arghire. Patches were rolled out for more than 200 vulnerabilities in Junos Space and Junos Space Security Director, including nine critical-severity flaws. First published on SecurityWeek.

GitHub Copilot Chat Flaw Leaked Data From Private Repositories

2025-10-09 at 14:04, by Ionut Arghire. Hidden comments allowed full control over Copilot responses and leaked sensitive information and source code. First published on SecurityWeek.

Redis patches critical “RediShell” RCE vulnerability, update ASAP! (CVE-2025-49844)

2025-10-07 at 16:36, by Zeljka Zorz. Redis, the company behind the widely used in-memory data structure store of the same name, has released patches for a critical vulnerability (CVE-2025-49844) that may allow attackers full access to the underlying host system. “This flaw allows a post auth

Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks

2025-10-07 at 12:40, by Ionut Arghire. The Medusa ransomware operators exploited the GoAnywhere MFT vulnerability one week before patches were released. First published on SecurityWeek.

Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk

2025-10-06 at 17:12, by Ionut Arghire. The flaw could lead to local code execution, allowing attackers to access confidential information on devices running Unity-built applications. First published on SecurityWeek.

Organizations Warned of Exploited Meteobridge Vulnerability

2025-10-03 at 13:49, by Ionut Arghire. Patched in mid-May, the security defect allows remote unauthenticated attackers to execute arbitrary commands with root privileges. First published on SecurityWeek.

OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks

2025-10-01 at 17:08, by Eduard Kovacs. Three vulnerabilities have been patched with the release of OpenSSL updates. First published on SecurityWeek.

High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter 

2025-09-30 at 14:33, by Ionut Arghire. The flaws could allow attackers to escalate privileges, manipulate notifications, and enumerate usernames. First published on SecurityWeek.
