Fortra Patches Critical GoAnywhere MFT Vulnerability 2025-09-22 at 10:54 By Ionut Arghire Tracked as CVE-2025-10035 (CVSS score of 10), the critical deserialization vulnerability could be exploited for command injection. The post Fortra Patches Critical GoAnywhere MFT Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Fortra Patches Critical GoAnywhere MFT Vulnerability Read More »
Many networking devices are still vulnerable to pixie dust attack 2025-09-17 at 18:22 By Zeljka Zorz Despite having been discovered and reported in 2014, the vulnerability that allows pixie dust attacks still impacts consumer and SOHO networking equipment around the world, Netrise researchers have confirmed. WPS and the pixie dust attack Wi-Fi Protected Setup (WPS)
Many networking devices are still vulnerable to pixie dust attack Read More »
Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm 2025-09-12 at 11:47 By Eduard Kovacs KioSoft was notified about a serious NFC card vulnerability in 2023 and only recently claimed to have released a patch. The post Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm appeared
Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm Read More »
Akira ransomware affiliates continue breaching organizations via SonicWall firewalls 2025-09-11 at 18:25 By Zeljka Zorz Over a year after SonicWall patched CVE-2024-40766, a critical flaw in its next-gen firewalls, ransomware attackers are still gaining a foothold in organizations by exploiting it. Like last September and earlier this year, the attackers are affiliates of the Akira
Akira ransomware affiliates continue breaching organizations via SonicWall firewalls Read More »
Critical Chrome Vulnerability Earns Researcher $43,000 2025-09-11 at 16:35 By Ionut Arghire Google patched a critical use-after-free vulnerability in Chrome that could potentially lead to code execution. The post Critical Chrome Vulnerability Earns Researcher $43,000 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Critical Chrome Vulnerability Earns Researcher $43,000 Read More »
Default Cursor setting can be exploited to run malicious code on developers’ machines 2025-09-11 at 14:02 By Zeljka Zorz An out-of-the-box setting in Cursor, a popular AI source-code editor, could be leveraged by attackers to covertly run malicious code on users’ computers, researchers have warned. An exploitable vulnerability in the Cursor AI editor Cursor is
Default Cursor setting can be exploited to run malicious code on developers’ machines Read More »
Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday 2025-09-10 at 13:56 By Zeljka Zorz On September 2025 Patch Tuesday, Microsoft has released patches for 80+ vulnerabilities in its various software products, but the good news is that none of them are actively exploited. Among the critical and important vulnerabilities patched by Microsoft
Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday Read More »
Microsoft Patches 86 Vulnerabilities 2025-09-09 at 21:57 By Eduard Kovacs Microsoft has released patches for dozens of flaws in Windows and other products, including ones with ‘exploitation more likely’ rating. The post Microsoft Patches 86 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Microsoft Patches 86 Vulnerabilities Read More »
Adobe Patches Critical ColdFusion and Commerce Vulnerabilities 2025-09-09 at 21:21 By Eduard Kovacs Adobe has patched nearly two dozen vulnerabilities across nine of its products with its September 2025 Patch Tuesday updates. The post Adobe Patches Critical ColdFusion and Commerce Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Adobe Patches Critical ColdFusion and Commerce Vulnerabilities Read More »
Plex tells users to change passwords due to data breach, pushes server owners to upgrade 2025-09-09 at 19:42 By Zeljka Zorz Media streaming company Plex has suffered a data breach and is urging users to reset their account password and enable two-factor authentication. “An unauthorized third party accessed a limited subset of customer data from
Plex tells users to change passwords due to data breach, pushes server owners to upgrade Read More »
Academics Build AI-Powered Android Vulnerability Discovery and Validation Tool 2025-09-05 at 16:44 By Ionut Arghire Called A2, the framework mimics human analysis to identify vulnerabilities in Android applications and then validates them. The post Academics Build AI-Powered Android Vulnerability Discovery and Validation Tool appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View
Academics Build AI-Powered Android Vulnerability Discovery and Validation Tool Read More »
Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957) 2025-09-05 at 15:03 By Zeljka Zorz A critical vulnerability (CVE-2025-42957) in SAP S/4HANA enterprise resource planning software is being exploited by attackers “to a limited extent”, the Dutch National Cyber Security Center (NCSC NL) has warned on Friday. Their alert seems to be based on a report
Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957) Read More »
Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352) 2025-09-04 at 16:58 By Zeljka Zorz Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” Among the fixed flaws is also CVE-2025-48539, a critical vulnerability in the System component that “could lead to remote (proximal/adjacent) code
Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352) Read More »
macOS vulnerability allowed Keychain and iOS app decryption without a password 2025-09-04 at 15:41 By Mirko Zorz Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. The issue, tracked as CVE-2025-24204, stems from Apple mistakenly granting the
macOS vulnerability allowed Keychain and iOS app decryption without a password Read More »
300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158 2025-08-27 at 14:29 By Zeljka Zorz Over 300,000 internet-facing Plex Media Server instances are still vulnerable to attack via CVE-2025-34158, a critical vulnerability for which Plex has issued a fix for earlier this month, Censys has warned. About CVE-2025-34158 Plex Media Server (PMS) is
300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158 Read More »
Docker Desktop Vulnerability Leads to Host Compromise 2025-08-26 at 14:34 By Ionut Arghire A critical vulnerability in Docker Desktop allows attackers to modify the filesystem of Windows hosts to become administrators. The post Docker Desktop Vulnerability Leads to Host Compromise appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Docker Desktop Vulnerability Leads to Host Compromise Read More »
Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384) 2025-08-26 at 13:47 By Zeljka Zorz CVE-2025-48384, a recently patched vulnerability in the popular distributed revision control system Git, is being exploited by attackers. Details about the attacks are not public, but the confirmation of exploitation comes from the US Cybersecurity and Infrastructure Security
Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384) Read More »
Russian threat actors using old Cisco bug to target critical infrastructure orgs 2025-08-21 at 18:07 By Zeljka Zorz A threat group linked to the Russian Federal Security Service’s (FSB) Center 16 unit has been compromising unpatched and end-of-life Cisco networking devices via an old vulnerability (CVE-2018-0171), the FBI and Cisco warned on Wednesday. “Primary targets
Russian threat actors using old Cisco bug to target critical infrastructure orgs Read More »
Password Managers Vulnerable to Data Theft via Clickjacking 2025-08-21 at 15:18 By Eduard Kovacs A researcher has tested nearly a dozen password managers and found that they were all vulnerable to clickjacking attacks. The post Password Managers Vulnerable to Data Theft via Clickjacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View
Password Managers Vulnerable to Data Theft via Clickjacking Read More »
Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999) 2025-08-20 at 19:25 By Zeljka Zorz A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made public by VX Underground, Onapsis security researchers have warned. The exploit has allegedly been released on a Telegram
Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999) Read More »