vulnerability

Adobe Patches Critical Vulnerability in Connect Collaboration Suite

Adobe, Vulnerabilities, vulnerability /

Adobe Patches Critical Vulnerability in Connect Collaboration Suite 2025-10-15 at 07:40 By Ionut Arghire Adobe has published a dozen security advisories detailing over 35 vulnerabilities across its product portfolio. The post Adobe Patches Critical Vulnerability in Connect Collaboration Suite appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Adobe Patches Critical Vulnerability in Connect Collaboration Suite Read More »

Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws

Endpoint Security, Featured, Microsoft, patch, Patch Tuesday, vulnerability /

Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws 2025-10-15 at 07:40 By Ionut Arghire The tech giant has rolled out fixes for 173 CVEs, including five critical-severity security defects. The post Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws Read More »

Oracle Patches EBS Vulnerability Allowing Access to Sensitive Data

CVE-2025-61884, Oracle, Oracle E-Business Suite, Oracle hack, Vulnerabilities, vulnerability /

Oracle Patches EBS Vulnerability Allowing Access to Sensitive Data 2025-10-13 at 16:03 By Eduard Kovacs It’s unclear if the new Oracle E-Business Suite flaw, which can be exploited remotely without authentication, has been used in the wild.   The post Oracle Patches EBS Vulnerability Allowing Access to Sensitive Data appeared first on SecurityWeek. This article is

Oracle Patches EBS Vulnerability Allowing Access to Sensitive Data Read More »

Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884)

CVE, Don't miss, Hot stuff, News, Oracle, vulnerability /

Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884) 2025-10-12 at 13:18 By Zeljka Zorz Oracle has revealed the existence of yet another remotely exploitable Oracle E-Business Suite vulnerability (CVE-2025-61884). About CVE-2025-61884 CVE-2025-61884 is a vulnerability in the Runtime user interface in the Oracle Configurator product of Oracle E-Business Suite (EBS). Like CVE-2025-61882 before

Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884) Read More »

Juniper Networks Patches Critical Junos Space Vulnerabilities

Juniper, Junos OS, Vulnerabilities, vulnerability /

Juniper Networks Patches Critical Junos Space Vulnerabilities 2025-10-10 at 13:40 By Ionut Arghire Patches were rolled out for more than 200 vulnerabilities in Junos Space and Junos Space Security Director, including nine critical-severity flaws. The post Juniper Networks Patches Critical Junos Space Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Juniper Networks Patches Critical Junos Space Vulnerabilities Read More »

GitHub Copilot Chat Flaw Leaked Data From Private Repositories

AI, Artificial Intelligence, Data leak, GitHub, GitHub Copilot, vulnerability /

GitHub Copilot Chat Flaw Leaked Data From Private Repositories 2025-10-09 at 14:04 By Ionut Arghire Hidden comments allowed full control over Copilot responses and leaked sensitive information and source code. The post GitHub Copilot Chat Flaw Leaked Data From Private Repositories appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

GitHub Copilot Chat Flaw Leaked Data From Private Repositories Read More »

Redis patches critical “RediShell” RCE vulnerability, update ASAP! (CVE-2025-49844)

BSI, Don't miss, Hot stuff, News, Redis, vulnerability, Wiz /

Redis patches critical “RediShell” RCE vulnerability, update ASAP! (CVE-2025-49844) 2025-10-07 at 16:36 By Zeljka Zorz Redis, the company behind the widely used in-memory data structure store of the same name, has released patches for a critical vulnerability (CVE-2025-49844) that may allow attackers full access to the underlying host system. “This flaw allows a post auth

Redis patches critical “RediShell” RCE vulnerability, update ASAP! (CVE-2025-49844) Read More »

Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks

exploited, Fortra, GoAnywhere, Ransomware, Vulnerabilities, vulnerability, Zero-Day /

Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks 2025-10-07 at 12:40 By Ionut Arghire The Medusa ransomware operators exploited the GoAnywhere MFT vulnerability one week before patches were released. The post Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks Read More »

Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk

Microsoft, Steam, Unity, Valve, Vulnerabilities, vulnerability /

Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk 2025-10-06 at 17:12 By Ionut Arghire The flaw could lead to local code execution, allowing attackers to access confidential information on devices running Unity-built applications. The post Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk appeared first on SecurityWeek.

Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk Read More »

Organizations Warned of Exploited Meteobridge Vulnerability

CISA KEV, exploited, Meteobridge, Vulnerabilities, vulnerability /

Organizations Warned of Exploited Meteobridge Vulnerability 2025-10-03 at 13:49 By Ionut Arghire Patched in mid-May, the security defect allows remote unauthenticated attackers to execute arbitrary commands with root privileges. The post Organizations Warned of Exploited Meteobridge Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Organizations Warned of Exploited Meteobridge Vulnerability Read More »

OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks

OpenSSL, private key recovery, Vulnerabilities, vulnerability /

OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks 2025-10-01 at 17:08 By Eduard Kovacs Three vulnerabilities have been patched with the release of OpenSSL updates.  The post OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks Read More »

High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter 

VMWare, Vulnerabilities, vulnerability /

High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter  2025-09-30 at 14:33 By Ionut Arghire The flaws could allow attackers to escalate privileges, manipulate notifications, and enumerate usernames. The post High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter  Read More »

Western Digital My Cloud NAS devices vulnerable to unauthenticated RCE (CVE-2025-30247)

backup, consumer, data security, Don't miss, Hot stuff, NAS, News, SMBs, vulnerability, Western Digital /

Western Digital My Cloud NAS devices vulnerable to unauthenticated RCE (CVE-2025-30247) 2025-09-30 at 14:11 By Zeljka Zorz Western Digital has fixed a critical remote code execution vulnerability (CVE-2025-30247) in the firmware powering its My Cloud network-attached storage (NAS) devices, and has urged users to upgrade as soon as possible. About CVE-2025-30247 Western Digital’s My Cloud

Western Digital My Cloud NAS devices vulnerable to unauthenticated RCE (CVE-2025-30247) Read More »

Akira ransomware: From SonicWall VPN login to encryption in under four hours

Arctic Wolf Networks, credentials, Don't miss, enterprise, Hot stuff, MFA, News, Ransomware, SMBs, SonicWall, vulnerability /

Akira ransomware: From SonicWall VPN login to encryption in under four hours 2025-09-29 at 18:47 By Zeljka Zorz Four hours or less: that’s how long it takes for Akira affiliates to break into organizations and deploy the ransomware on their systems, Arctic Wolf researchers have warned. Armed with SonicWall SSL VPN credentials stolen in earlier

Akira ransomware: From SonicWall VPN login to encryption in under four hours Read More »

No Patches for Vulnerabilities Allowing Cognex Industrial Camera Hacking

Cognex, ICS, ICS/OT, vulnerability /

No Patches for Vulnerabilities Allowing Cognex Industrial Camera Hacking 2025-09-26 at 14:18 By Eduard Kovacs Cognex is advising customers to transition to newer versions of its machine vision products. The post No Patches for Vulnerabilities Allowing Cognex Industrial Camera Hacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

No Patches for Vulnerabilities Allowing Cognex Industrial Camera Hacking Read More »

SolarWinds fixes critical Web Help Desk RCE vulnerability (CVE-2025-26399)

Don't miss, Hot stuff, News, patch, SolarWinds, vulnerability /

SolarWinds fixes critical Web Help Desk RCE vulnerability (CVE-2025-26399) 2025-09-24 at 19:44 By Zeljka Zorz SolarWinds has fixed yet another unauthenticated remote code execution vulnerability (CVE-2025-26399) in Web Help Desk (WHD), its popular web-based IT ticketing and asset management solution. While the vulnerability is currently not being leveraged by attackers, they might soon reverse-engineer the

SolarWinds fixes critical Web Help Desk RCE vulnerability (CVE-2025-26399) Read More »

Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers

email security, ESG, exploited, Libraesva, Vulnerabilities, vulnerability /

Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers 2025-09-24 at 12:10 By Ionut Arghire Tracked as CVE-2025-59689, the command injection bug could be triggered via malicious emails containing crafted compressed attachments. The post Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers Read More »

APIs and hardware are under attack, and the numbers don’t look good

access control, API security, Bugcrowd, cybersecurity, Don't miss, hardware, News, report, vulnerability /

APIs and hardware are under attack, and the numbers don’t look good 2025-09-24 at 08:35 By Sinisa Markovic Attackers have a new favorite playground, and it’s not where many security teams are looking. According to fresh data from Bugcrowd, vulnerabilities in hardware and APIs are climbing fast, even as website flaws hold steady. The shift

APIs and hardware are under attack, and the numbers don’t look good Read More »

Patch Bypassed for Supermicro Vulnerability Allowing BMC Hack

BMC, Endpoint Security, patch bypass, Supermicro, vulnerability /

Patch Bypassed for Supermicro Vulnerability Allowing BMC Hack 2025-09-23 at 21:45 By Eduard Kovacs Binarly researchers have found a way to bypass a patch for a previously disclosed vulnerability.  The post Patch Bypassed for Supermicro Vulnerability Allowing BMC Hack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Patch Bypassed for Supermicro Vulnerability Allowing BMC Hack Read More »

Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035)

Don't miss, enterprise, Fortra, News, security update, SMBs, VulnCheck, vulnerability /

Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035) 2025-09-22 at 14:20 By Zeljka Zorz If you’re running Fortra’s GoAnywhere managed file transfer solution and you haven’t updated to the latest available version for a while, do so now or risk getting your instance compromised via CVE-2025-10035. About CVE-2025-10035 CVE-2025-10035 is a critical deserialization

Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035) Read More »

Scroll to Top