vulnerability

Critical Apache Parquet Vulnerability Leads to Remote Code Execution

2025-04-04 at 13:18, by Ionut Arghire

A critical vulnerability in Apache Parquet can be exploited to execute arbitrary code remotely, leading to complete system compromise. The post Critical Apache Parquet Vulnerability Leads to Remote Code Execution appeared first on SecurityWeek.

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)

2025-04-03 at 21:01, by Zeljka Zorz

A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7R2.5 or earlier or Pulse Connect Secure 9.1x. The vulnerability

Halo ITSM Vulnerability Exposed Organizations to Remote Hacking

2025-04-03 at 18:46, by Eduard Kovacs

An unauthenticated SQL injection vulnerability in Halo ITSM could have been exploited to read, modify, or insert data. The post Halo ITSM Vulnerability Exposed Organizations to Remote Hacking appeared first on SecurityWeek.

Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439)

2025-04-03 at 16:15, by Zeljka Zorz

CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA has confirmed on Monday by adding the flaw to its Known Exploited Vulnerabilities catalog. Cisco has followed up

Vulnerabilities Expose Cisco Meraki and ECE Products to DoS Attacks

2025-04-03 at 13:06, by Ionut Arghire

Cisco fixes two high-severity denial-of-service vulnerabilities in Meraki devices and Enterprise Chat and Email. The post Vulnerabilities Expose Cisco Meraki and ECE Products to DoS Attacks appeared first on SecurityWeek.

Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities

2025-04-02 at 12:05, by Ionut Arghire

Chrome 135 and Firefox 137 were released on Tuesday with fixes for several high-severity memory safety vulnerabilities. The post Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.

Hackers Looking for Vulnerable Palo Alto Networks GlobalProtect Portals

2025-04-01 at 18:49, by Ionut Arghire

GreyNoise warns of a coordinated effort probing the internet for potentially vulnerable Palo Alto Networks GlobalProtect instances. The post Hackers Looking for Vulnerable Palo Alto Networks GlobalProtect Portals appeared first on SecurityWeek.

Critical Vulnerability Found in Canon Printer Drivers

2025-04-01 at 14:55, by Eduard Kovacs

Microsoft’s offensive security team warned Canon about a critical code execution vulnerability in printer drivers. The post Critical Vulnerability Found in Canon Printer Drivers appeared first on SecurityWeek.

CrushFTP Blames Security Firms for Fast Exploitation of Vulnerability

2025-04-01 at 14:21, by Eduard Kovacs

Shadowserver has started seeing exploitation attempts aimed at a CrushFTP vulnerability tracked as CVE-2025-2825 and CVE-2025-31161. The post CrushFTP Blames Security Firms for Fast Exploitation of Vulnerability appeared first on SecurityWeek.

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)

2025-03-28 at 12:57, by Zeljka Zorz

Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser might have a similar flaw – and they found it. There’s currently no indication that the Firefox bug (CVE-2025-2857)

Splunk Patches Dozens of Vulnerabilities

2025-03-27 at 20:03, by Ionut Arghire

Splunk patches high-severity remote code execution and information disclosure flaws in Splunk Enterprise and Secure Gateway App. The post Splunk Patches Dozens of Vulnerabilities appeared first on SecurityWeek.

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)

2025-03-27 at 13:14, by Zeljka Zorz

CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing servers (and likely the data stored on them). Attackers, especially ransomware gangs, have a penchant for leveraging 0-day

More Solar System Vulnerabilities Expose Power Grids to Hacking 

2025-03-27 at 12:32, by Eduard Kovacs

Forescout has found dozens of vulnerabilities in solar power systems from Sungrow, Growatt and SMA. The post More Solar System Vulnerabilities Expose Power Grids to Hacking appeared first on SecurityWeek.

Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras

2025-03-26 at 14:32, by Eduard Kovacs

Production line monitoring cameras made by Inaba can be hacked for surveillance and sabotage, but they remain unpatched. The post Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras appeared first on SecurityWeek.

Critical Next.js Vulnerability in Hacker Crosshairs

2025-03-26 at 12:55, by Ionut Arghire

Threat actors have started probing servers impacted by a critical-severity vulnerability in the web application development framework Next.js. The post Critical Next.js Vulnerability in Hacker Crosshairs appeared first on SecurityWeek.

Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover

2025-03-25 at 18:54, by Zeljka Zorz

Wiz researchers have unearthed several critical vulnerabilities affecting Ingress NGINX Controller for Kubernetes (ingress-nginx) that may allow attackers to take over Kubernetes clusters. “Based on our analysis, about 43% of cloud environments are vulnerable to these vulnerabilities, with our research uncovering

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)

2025-03-24 at 15:17, by Zeljka Zorz

A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should not have access to (e.g., the web app’s admin panel).

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)

2025-03-21 at 13:33, by Zeljka Zorz

A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and managed service providers (MSPs), is being actively exploited. The US Cybersecurity and Infrastructure Security Agency (CISA) has

Veeam Patches Critical Vulnerability in Backup & Replication

2025-03-20 at 15:11, by Ionut Arghire

Veeam has released patches for a critical-severity remote code execution vulnerability in Backup & Replication. The post Veeam Patches Critical Vulnerability in Backup & Replication appeared first on SecurityWeek.

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)

2025-03-20 at 14:29, by Zeljka Zorz

Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging customers to quickly upgrade to a fixed version. There is currently no indication that the
