vulnerability

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability 2025-12-04 at 12:11 By Eduard Kovacs A researcher has pointed out that only instances using a newer feature are impacted by CVE-2025-55182. The post React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability Read More »

Critical King Addons Vulnerability Exploited to Hack WordPress Sites

Critical King Addons Vulnerability Exploited to Hack WordPress Sites 2025-12-03 at 15:39 By Ionut Arghire A critical-severity vulnerability in the King Addons for Elementor plugin for WordPress has been exploited to take over websites. The post Critical King Addons Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek. This article is an excerpt from

Critical King Addons Vulnerability Exploited to Hack WordPress Sites Read More »

Chrome 143 Patches High-Severity Vulnerabilities

Chrome 143 Patches High-Severity Vulnerabilities 2025-12-03 at 10:52 By Ionut Arghire Chrome 143 stable was released with patches for 13 vulnerabilities, including a high-severity flaw in the V8 JavaScript engine. The post Chrome 143 Patches High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chrome 143 Patches High-Severity Vulnerabilities Read More »

Android’s December 2025 Updates Patch Two Zero-Days

Android’s December 2025 Updates Patch Two Zero-Days 2025-12-02 at 15:15 By Ionut Arghire Google warns that two out of the 107 vulnerabilities patched in Android this month have been exploited in limited, targeted attacks. The post Android’s December 2025 Updates Patch Two Zero-Days appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Android’s December 2025 Updates Patch Two Zero-Days Read More »

Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers

Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers 2025-12-02 at 14:02 By Eduard Kovacs The Codex CLI vulnerability tracked as CVE-2025-61260 can be exploited for command execution. The post Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers Read More »

CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack

CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack 2025-12-01 at 13:14 By Eduard Kovacs CISA has added CVE-2021-26829 to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack Read More »

Fluent Bit Vulnerabilities Expose Cloud Services to Takeover

Fluent Bit Vulnerabilities Expose Cloud Services to Takeover 2025-11-25 at 15:47 By Ionut Arghire Five flaws in the open source tool may lead to path traversal attacks, remote code execution, denial-of-service, and tag manipulation. The post Fluent Bit Vulnerabilities Expose Cloud Services to Takeover appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Fluent Bit Vulnerabilities Expose Cloud Services to Takeover Read More »

Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day

Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day 2025-11-21 at 15:47 By Eduard Kovacs CVE-2025-61757 is an unauthenticated remote code execution vulnerability affecting Oracle Identity Manager. The post Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day Read More »

SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance

SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance 2025-11-21 at 14:41 By Ionut Arghire The vulnerabilities could be exploited to cause a denial-of-service (DoS) condition, execute arbitrary code, or access arbitrary files and directories. The post SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance appeared first on SecurityWeek. This article is an excerpt

SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance Read More »

SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability

SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability 2025-11-21 at 13:20 By Eduard Kovacs SquareX claims to have found a way to abuse a hidden Comet API to execute local commands, but Perplexity says the research is fake. The post SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability appeared first on SecurityWeek. This

SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability Read More »

Security gap in Perplexity’s Comet browser exposed users to system-level attacks

Security gap in Perplexity’s Comet browser exposed users to system-level attacks 2025-11-20 at 17:56 By Zeljka Zorz There is a serious security problem inside Comet, the AI-powered agentic browser made by Perplexity, SquareX researchers say: Comet’s MCP API allows the browser’s built-in (but hidden from the user) extensions to issue commands directly to a user’s

Security gap in Perplexity’s Comet browser exposed users to system-level attacks Read More »

Recent 7-Zip Vulnerability Exploited in Attacks

Recent 7-Zip Vulnerability Exploited in Attacks 2025-11-20 at 13:09 By Ionut Arghire A proof-of-concept (PoC) exploit targeting the high-severity remote code execution (RCE) bug exists. The post Recent 7-Zip Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Recent 7-Zip Vulnerability Exploited in Attacks Read More »

SolarWinds Patches Three Critical Serv-U Vulnerabilities

SolarWinds Patches Three Critical Serv-U Vulnerabilities 2025-11-20 at 09:32 By Eduard Kovacs SolarWinds Serv-U is affected by vulnerabilities that can be exploited for remote code execution. The post SolarWinds Patches Three Critical Serv-U Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

SolarWinds Patches Three Critical Serv-U Vulnerabilities Read More »

7-Zip vulnerability is being actively exploited, NHS England warns (CVE-2025-11001)

7-Zip vulnerability is being actively exploited, NHS England warns (CVE-2025-11001) 2025-11-19 at 16:46 By Zeljka Zorz NHS England Digital, the technology arm of the publicly-funded health service for England, has issued a warning about a 7-Zip vulnerability (CVE-2025-11001) being exploited by attackers. “Active exploitation of CVE-2025-11001 has been observed in the wild,” the alert says,

7-Zip vulnerability is being actively exploited, NHS England warns (CVE-2025-11001) Read More »

Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034)

Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034) 2025-11-19 at 13:47 By Zeljka Zorz Attackers are actively exploiting another FortiWeb vulnerability (CVE-2025-58034) that Fortinet fixed without making its existence public at the time. About CVE-2025-58034 CVE-2025-58034 is an OS Command Injection flaw caused by improper neutralization of special elements. It allows authenticated attackers to execute unauthorized

Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034) Read More »

Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week

Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week 2025-11-19 at 11:49 By Ionut Arghire An OS command injection flaw, the exploited zero-day allows attackers to execute arbitrary code on the underlying system. The post Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week Read More »

Imunify360 Vulnerability Could Expose Millions of Sites to Hacking

Imunify360 Vulnerability Could Expose Millions of Sites to Hacking 2025-11-14 at 15:22 By Eduard Kovacs A vulnerability in ImunifyAV can be exploited for arbitrary code execution by uploading a malicious file to shared servers. The post Imunify360 Vulnerability Could Expose Millions of Sites to Hacking appeared first on SecurityWeek. This article is an excerpt from

Imunify360 Vulnerability Could Expose Millions of Sites to Hacking Read More »

A suspected Fortinet FortiWeb zero-day is actively exploited, researchers warn

A suspected Fortinet FortiWeb zero-day is actively exploited, researchers warn 2025-11-14 at 14:10 By Zeljka Zorz A suspected (but currently unidentified) zero-day vulnerability in Fortinet FortiWeb is being exploited by unauthenticated attackers to create new admin accounts on vulnerable, internet-facing devices. Whether intentionally or accidentally, the vulnerability (or this specific path for triggering it) has

A suspected Fortinet FortiWeb zero-day is actively exploited, researchers warn Read More »

ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure

ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure 2025-11-13 at 17:50 By Eduard Kovacs A researcher found a way to exploit an SSRF vulnerability related to custom GPTs to obtain an Azure access token.  The post ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure Read More »

“Patched” but still exposed: US federal agencies must remediate Cisco flaws (again)

“Patched” but still exposed: US federal agencies must remediate Cisco flaws (again) 2025-11-13 at 17:14 By Zeljka Zorz CISA has ordered US federal agencies to fully address two actively exploited vulnerabilities (CVE-2025-20333, CVE-2025-20362) in Cisco Adaptive Security Appliances (ASA) and Firepower firewalls. “In CISA’s analysis of agency-reported data, CISA has identified devices marked as ‘patched’

“Patched” but still exposed: US federal agencies must remediate Cisco flaws (again) Read More »

Scroll to Top