vulnerability

Vulnerabilities found in NASA’s open source software

2025-05-27 at 15:48 | By Zeljka Zorz

Vulnerabilities in open source software developed and used in-house by NASA could be exploited to breach their systems, claims Leon Juranić, security researcher and founder of cybersecurity startup ThreatLeap. The vulnerabilities Juranić, whose AppSec credentials include founding and leading DefenseCode, is no […]

Companies Warned of Commvault Vulnerability Exploitation

2025-05-23 at 13:48 | By Ionut Arghire | Source: SecurityWeek

CISA warns companies of a widespread campaign targeting a Commvault vulnerability to hack Azure environments.

Unpatched Windows Server vulnerability allows full domain compromise

2025-05-22 at 18:45 | By Zeljka Zorz

A privilege escalation vulnerability in Windows Server 2025 can be used by attackers to compromise any user in Active Directory (AD), including Domain Admins. “The [“BadSuccessor”] attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server

GitLab, Atlassian Patch High-Severity Vulnerabilities

2025-05-22 at 08:18 | By Ionut Arghire | Source: SecurityWeek

GitLab and Atlassian have released patches for over a dozen vulnerabilities in their products, including high-severity bugs.

Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway

2025-05-21 at 18:49 | By Eduard Kovacs | Source: SecurityWeek

More than 100 AutomationDirect MB-Gateway devices may be vulnerable to attacks from the internet due to CVE-2025-36535.

Wiz Warns of Ongoing Exploitation of Recent Ivanti Vulnerabilities

2025-05-21 at 12:49 | By Ionut Arghire | Source: SecurityWeek

Wiz warns that threat actors are chaining two recent Ivanti vulnerabilities to achieve unauthenticated remote code execution.

Critical OpenPGP.js Vulnerability Allows Spoofing

2025-05-21 at 10:16 | By Eduard Kovacs | Source: SecurityWeek

An OpenPGP.js vulnerability tracked as CVE-2025-47934 allows message signature verification to be spoofed.

Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers 

2025-05-20 at 15:39 | By Eduard Kovacs | Source: SecurityWeek

The Likely Exploited Vulnerabilities (LEV) equations can help augment KEV- and EPSS-based remediation prioritization.

O2 Service Vulnerability Exposed User Location

2025-05-20 at 13:20 | By Ionut Arghire | Source: SecurityWeek

A vulnerability in O2’s implementation of the IMS standard resulted in user location data being exposed in network responses.

Hackers Earn Over $1 Million at Pwn2Own Berlin 2025

2025-05-19 at 12:02 | By Eduard Kovacs | Source: SecurityWeek

Pwn2Own participants demonstrated exploits against VMs, AI, browsers, servers, containers, and operating systems.

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)

2025-05-16 at 13:47 | By Zeljka Zorz

A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. About CVE-2025-4664 CVE-2025-4664 stems from insufficient policy enforcement in Google

Samsung patches MagicINFO 9 Server vulnerability exploited by attackers

2025-05-15 at 14:18 | By Zeljka Zorz

Companies running Samsung MagicINFO, a platform for managing content on Samsung commercial digital displays, should upgrade to the latest available version of its v9 branch to fix a vulnerability that’s reportedly being exploited by attackers. If this advice sounds familiar,

Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’

2025-05-15 at 11:33 | By Ionut Arghire | Source: SecurityWeek

Google has rolled out a Chrome 136 update that resolves a high-severity vulnerability for which a public exploit exists.

Vulnerabilities Patched by Juniper, VMware and Zoom 

2025-05-14 at 13:46 | By Ionut Arghire | Source: SecurityWeek

Juniper Networks, VMware, and Zoom have announced patches for dozens of vulnerabilities across their products.

Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers

2025-05-14 at 11:01 | By Ionut Arghire | Source: SecurityWeek

Ivanti has released patches for two EPMM vulnerabilities that have been chained in the wild for remote code execution.

Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428)

2025-05-13 at 20:31 | By Zeljka Zorz

Attackers have exploited vulnerabilities in open-source libraries to compromise on-prem Ivanti Endpoint Manager Mobile (EPMM) instances of a “very limited” number of customers, Ivanti has confirmed on Tuesday, and urged customers to install a patch as soon as possible. “The

SAP Patches Another Critical NetWeaver Vulnerability

2025-05-13 at 16:01 | By Ionut Arghire | Source: SecurityWeek

SAP has released 16 new security notes on its May 2025 Security Patch Day, including a note dealing with another critical NetWeaver vulnerability.

Asus DriverHub Vulnerabilities Expose Users to Remote Code Execution Attacks

2025-05-12 at 14:30 | By Ionut Arghire | Source: SecurityWeek

Two vulnerabilities in ASUS’s pre-installed software DriverHub can be exploited for remote code execution.

Possible Zero-Day Patched in SonicWall SMA Appliances

2025-05-08 at 16:11 | By Ionut Arghire | Source: SecurityWeek

SonicWall patches three SMA 100 vulnerabilities, including a potential zero-day, that could be chained to execute arbitrary code remotely.
