vulnerability

Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases

Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases 2025-11-13 at 07:38 By Ionut Arghire Google and Mozilla have released fresh Chrome and Firefox updates that address multiple high-severity security defects. The post Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases appeared first on SecurityWeek. This article is an excerpt […]

Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases Read More »

High-Severity Vulnerabilities Patched by Ivanti and Zoom

High-Severity Vulnerabilities Patched by Ivanti and Zoom 2025-11-12 at 14:44 By Ionut Arghire Ivanti and Zoom resolved security defects that could lead to arbitrary file writes, elevation of privilege, code execution, and information disclosure. The post High-Severity Vulnerabilities Patched by Ivanti and Zoom appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

High-Severity Vulnerabilities Patched by Ivanti and Zoom Read More »

Microsoft Patches Actively Exploited Windows Kernel Zero-Day

Microsoft Patches Actively Exploited Windows Kernel Zero-Day 2025-11-11 at 23:07 By Eduard Kovacs Microsoft’s latest Patch Tuesday updates address more than 60 vulnerabilities in Windows and other products. The post Microsoft Patches Actively Exploited Windows Kernel Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Microsoft Patches Actively Exploited Windows Kernel Zero-Day Read More »

CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042)

CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042) 2025-11-11 at 17:38 By Zeljka Zorz CISA has added CVE-2025-21042, a vulnerability affecting Samsung mobile devices, to its Known Exploited Vulnerabilities (KEV) catalog, and has ordered US federal civilian agencies to address it by the start of December. “This type of vulnerability is a frequent attack

CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042) Read More »

SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager

SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager 2025-11-11 at 16:59 By Ionut Arghire Hardcoded credentials in SQL Anywhere Monitor could allow attackers to execute arbitrary code on vulnerable deployments. The post SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager Read More »

QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland

QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland 2025-11-10 at 16:49 By Ionut Arghire Multiple vulnerabilities across QNAP’s portfolio could lead to remote code execution, information disclosure, and denial-of-service (DoS) conditions. The post QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland Read More »

Runc Vulnerabilities Can Be Exploited to Escape Containers

Runc Vulnerabilities Can Be Exploited to Escape Containers 2025-11-10 at 16:29 By Eduard Kovacs The flaws tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 have been patched. The post Runc Vulnerabilities Can Be Exploited to Escape Containers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Runc Vulnerabilities Can Be Exploited to Escape Containers Read More »

Two New Web Application Risk Categories Added to OWASP Top 10

Two New Web Application Risk Categories Added to OWASP Top 10 2025-11-10 at 15:21 By Ionut Arghire OWASP has added two new categories to the revised version of its Top 10 list of the most critical risks to web applications. The post Two New Web Application Risk Categories Added to OWASP Top 10 appeared first

Two New Web Application Risk Categories Added to OWASP Top 10 Read More »

Data Exposure Vulnerability Found in Deep Learning Tool Keras

Data Exposure Vulnerability Found in Deep Learning Tool Keras 2025-11-07 at 15:41 By Ionut Arghire The vulnerability is tracked as CVE-2025-12058 and it can be exploited for arbitrary file loading and conducting SSRF attacks. The post Data Exposure Vulnerability Found in Deep Learning Tool Keras appeared first on SecurityWeek. This article is an excerpt from

Data Exposure Vulnerability Found in Deep Learning Tool Keras Read More »

Chrome 142 Update Patches High-Severity Flaws

Chrome 142 Update Patches High-Severity Flaws 2025-11-07 at 12:35 By Ionut Arghire An out-of-bounds write flaw in WebGPU tracked as CVE-2025-12725 could be exploited for remote code execution. The post Chrome 142 Update Patches High-Severity Flaws appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chrome 142 Update Patches High-Severity Flaws Read More »

Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354)

Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354) 2025-11-06 at 17:16 By Zeljka Zorz Cisco has fixed two critical vulnerabilities (CVE-2025-20358, CVE-2025-20354) affecting Unified Contact Center Express (UCCX), which may allow attackers to bypass authentication, compromise vulnerable installations, and elevate privileges to root. The good news is that there is currently no evidence of

Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354) Read More »

Cisco Patches Critical Vulnerabilities in Contact Center Appliance

Cisco Patches Critical Vulnerabilities in Contact Center Appliance 2025-11-06 at 14:50 By Ionut Arghire The flaws allow attackers to execute arbitrary code remotely and elevate their privileges to root on an affected system. The post Cisco Patches Critical Vulnerabilities in Contact Center Appliance appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Cisco Patches Critical Vulnerabilities in Contact Center Appliance Read More »

Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703)

Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703) 2025-11-05 at 14:59 By Zeljka Zorz On Tuesday, CISA added two vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-11371, which affects Gladinet’s CentreStack and Triofox file-sharing and remote access platforms, and CVE-2025-48703, a vulnerability in Control Web Panel (CWP), a web hosting control panel designed for

Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703) Read More »

Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks

Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks 2025-11-04 at 18:39 By Eduard Kovacs Arbitrary command/code execution has been demonstrated through the exploitation of CVE-2025-11953 on Windows, macOS and Linux.  The post Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks appeared first on SecurityWeek. This article is

Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks Read More »

Apple Patches 19 WebKit Vulnerabilities 

Apple Patches 19 WebKit Vulnerabilities  2025-11-04 at 13:25 By Ionut Arghire Apple has released iOS 26.1 and macOS Tahoe 26.1 with patches for over 100 vulnerabilities, including critical flaws. The post Apple Patches 19 WebKit Vulnerabilities  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Apple Patches 19 WebKit Vulnerabilities  Read More »

Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities

Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities 2025-11-03 at 12:27 By Ionut Arghire The two bugs are high-severity type confusion and inappropriate implementation issues in the browser’s V8 JavaScript engine. The post Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities Read More »

Unpatched Windows vulnerability continues to be exploited by APTs (CVE-2025-9491)

Unpatched Windows vulnerability continues to be exploited by APTs (CVE-2025-9491) 2025-10-31 at 17:09 By Zeljka Zorz A Windows vulnerability (CVE-2025-9491, aka ZDI-CAN-25373) that state-sponsored threat actors and cybercrime groups have been quietly leveraging since at least 2017 continues to be exploited for attacks. “Arctic Wolf Labs assesses with high confidence that [the campaign they detected]

Unpatched Windows vulnerability continues to be exploited by APTs (CVE-2025-9491) Read More »

XWiki Vulnerability Exploited in Cryptocurrency Mining Operation

XWiki Vulnerability Exploited in Cryptocurrency Mining Operation 2025-10-29 at 12:54 By Ionut Arghire Exploits have been available publicly for over half a year, but the bug was previously targeted only for reconnaissance. The post XWiki Vulnerability Exploited in Cryptocurrency Mining Operation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

XWiki Vulnerability Exploited in Cryptocurrency Mining Operation Read More »

PoC code drops for remotely exploitable BIND 9 DNS flaw (CVE-2025-40778)

PoC code drops for remotely exploitable BIND 9 DNS flaw (CVE-2025-40778) 2025-10-28 at 19:27 By Zeljka Zorz A high-severity vulnerability (CVE-2025-40778) affecting BIND 9 DNS resolvers could be leveraged by remote, unauthenticated attackers to manipulate DNS entries via cache poisoning, allowing them to redirect Internet traffic to potentially malicious sites, distribute malware, or intercept network

PoC code drops for remotely exploitable BIND 9 DNS flaw (CVE-2025-40778) Read More »

Scroll to Top