vulnerability

Year-Old WordPress Plugin Flaws Exploited to Hack Websites

Year-Old WordPress Plugin Flaws Exploited to Hack Websites 2025-10-27 at 12:57 By Ionut Arghire Roughly 9 million exploit attempts were observed this month as mass exploitation of the critical vulnerabilities recommenced. The post Year-Old WordPress Plugin Flaws Exploited to Hack Websites appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Year-Old WordPress Plugin Flaws Exploited to Hack Websites Read More »

OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks

OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks 2025-10-25 at 23:58 By Kevin Townsend Researchers have discovered that a prompt can be disguised as an url, and accepted by Atlas as an url in the omnibox. The post OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks Read More »

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287) 2025-10-24 at 15:38 By Zeljka Zorz Microsoft has released an out-of-band security update that “comprehensively” addresses CVE-2025-59287, a remote code execution vulnerability in the Windows Server Update Services (WSUS) that is reportedly being exploited in the wild. About CVE-2025-59287 WSUS is a tool that helps

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287) Read More »

Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236)

Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236) 2025-10-23 at 14:39 By Zeljka Zorz Attackers are trying to exploit CVE-2025-54236, a critical vulnerability affecting Adobe Commerce and Magento Open Source, Sansec researchers have warned. The company blocked over 250 exploitation attempts targeting multiple stores on Wednesday, and expects the attacks to continue at pace. About

Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236) Read More »

BIND Updates Address High-Severity Cache Poisoning Flaws

BIND Updates Address High-Severity Cache Poisoning Flaws 2025-10-23 at 13:31 By Ionut Arghire The vulnerabilities allow attackers to predict source ports and query IDs BIND will use, and to inject forged records into the cache. The post BIND Updates Address High-Severity Cache Poisoning Flaws appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

BIND Updates Address High-Severity Cache Poisoning Flaws Read More »

Lanscope Endpoint Manager Zero-Day Exploited in the Wild

Lanscope Endpoint Manager Zero-Day Exploited in the Wild 2025-10-23 at 13:05 By Ionut Arghire The bug has been exploited in the wild as a zero-day and the US cybersecurity agency CISA has added it to its KEV catalog. The post Lanscope Endpoint Manager Zero-Day Exploited in the Wild appeared first on SecurityWeek. This article is

Lanscope Endpoint Manager Zero-Day Exploited in the Wild Read More »

TARmageddon Flaw in Popular Rust Library Leads to RCE

TARmageddon Flaw in Popular Rust Library Leads to RCE 2025-10-22 at 20:40 By Ionut Arghire The vulnerability impacts multiple Rust tar parsers, allowing attackers to smuggle additional archive entries. The post TARmageddon Flaw in Popular Rust Library Leads to RCE appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

TARmageddon Flaw in Popular Rust Library Leads to RCE Read More »

Critical Vulnerabilities Patched in TP-Link’s Omada Gateways

Critical Vulnerabilities Patched in TP-Link’s Omada Gateways 2025-10-22 at 17:12 By Eduard Kovacs One of the flaws can be exploited by remote unauthenticated attackers for arbitrary command execution. The post Critical Vulnerabilities Patched in TP-Link’s Omada Gateways appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical Vulnerabilities Patched in TP-Link’s Omada Gateways Read More »

Over 73,000 WatchGuard Firebox Devices Impacted by Recent Critical Flaw

Over 73,000 WatchGuard Firebox Devices Impacted by Recent Critical Flaw 2025-10-21 at 13:46 By Ionut Arghire Affecting the Fireware OS iked process, the vulnerability can lead to remote code execution and does not require authentication. The post Over 73,000 WatchGuard Firebox Devices Impacted by Recent Critical Flaw appeared first on SecurityWeek. This article is an

Over 73,000 WatchGuard Firebox Devices Impacted by Recent Critical Flaw Read More »

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950) 2025-10-20 at 20:10 By Zeljka Zorz Moxa has fixed 5 vulnerabilities in its industrial network security appliances and routers, including a remotely exploitable flaw (CVE-2025-6950) that may result in complete system compromise. There’s no mention of these flaws being exploited in the wild, but due

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950) Read More »

ConnectWise Patches Critical Flaw in Automate RMM Tool

ConnectWise Patches Critical Flaw in Automate RMM Tool 2025-10-20 at 16:07 By Ionut Arghire Attackers could exploit vulnerable deployments to intercept and tamper with communications in certain configurations. The post ConnectWise Patches Critical Flaw in Automate RMM Tool appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

ConnectWise Patches Critical Flaw in Automate RMM Tool Read More »

Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks

Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks 2025-10-20 at 12:49 By Ionut Arghire On Android, the out-of-bounds write issue can be triggered during the processing of media files without user interaction. The post Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks Read More »

‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability

‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability 2025-10-17 at 15:59 By Ionut Arghire CVE-2025-55315 is an HTTP request smuggling bug leading to information leaks, file content tampering, and server crashes. The post ‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability appeared first on SecurityWeek. This article is an

‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability Read More »

Gladinet Patches Exploited CentreStack Vulnerability

Gladinet Patches Exploited CentreStack Vulnerability 2025-10-17 at 11:19 By Ionut Arghire The unauthenticated local file inclusion bug allows attackers to retrieve the machine key and execute code remotely via a ViewState deserialization issue. The post Gladinet Patches Exploited CentreStack Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Gladinet Patches Exploited CentreStack Vulnerability Read More »

“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253)

“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253) 2025-10-16 at 19:52 By Zeljka Zorz CISA has added CVE-2025-54253, a misconfiguration vulnerability in Adobe Experience Manager (AEM) Forms on Java Enterprise Edition (JEE), to its Known Exploited Vulnerabilities catalog, thus warning of detected in-the-wild exploitation. Adobe fixed the vulnerability in August 2025, along with CVE-2025-54254,

“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253) Read More »

Fuji Electric HMI Configurator Flaws Expose Industrial Organizations to Hacking

Fuji Electric HMI Configurator Flaws Expose Industrial Organizations to Hacking 2025-10-16 at 15:17 By Eduard Kovacs Fuji Electric has released patches and Japan’s JPCERT has informed organizations about the vulnerabilities.  The post Fuji Electric HMI Configurator Flaws Expose Industrial Organizations to Hacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Fuji Electric HMI Configurator Flaws Expose Industrial Organizations to Hacking Read More »

Humanoid robot found vulnerable to Bluetooth hack, data leaks to China

Humanoid robot found vulnerable to Bluetooth hack, data leaks to China 2025-10-16 at 07:33 By Sinisa Markovic Alias Robotics has published an analysis of the Unitree G1 humanoid robot, concluding that the device can be exploited as a tool for espionage and cyber attacks. A robot that can be hacked through Bluetooth Their tests show

Humanoid robot found vulnerable to Bluetooth hack, data leaks to China Read More »

Adobe Patches Critical Vulnerability in Connect Collaboration Suite

Adobe Patches Critical Vulnerability in Connect Collaboration Suite 2025-10-15 at 07:40 By Ionut Arghire Adobe has published a dozen security advisories detailing over 35 vulnerabilities across its product portfolio. The post Adobe Patches Critical Vulnerability in Connect Collaboration Suite appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Adobe Patches Critical Vulnerability in Connect Collaboration Suite Read More »

Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws

Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws 2025-10-15 at 07:40 By Ionut Arghire The tech giant has rolled out fixes for 173 CVEs, including five critical-severity security defects. The post Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws Read More »

Scroll to Top