vulnerability

Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113)

2025-06-09 at 15:18 By Zeljka Zorz

With an exploit for a critical Roundcube vulnerability (CVE-2025-49113) being offered for sale on underground forums and a PoC exploit having been made public, attacks exploiting the flaw are incoming and possibly already happening. According to the Shadowserver Foundation, there […]

HPE Patches Critical Vulnerability in StoreOnce

2025-06-06 at 12:12 By Ionut Arghire

An HPE StoreOnce vulnerability allows attackers to bypass authentication, potentially leading to remote code execution. The post HPE Patches Critical Vulnerability in StoreOnce appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Over 30 Vulnerabilities Patched in Android

2025-06-03 at 15:03 By Eduard Kovacs

The latest Android updates fix vulnerabilities in Runtime, Framework, System, and third-party components of the mobile OS. The post Over 30 Vulnerabilities Patched in Android appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Technical Details Published for Critical Cisco IOS XE Vulnerability

2025-06-02 at 13:00 By Ionut Arghire

The critical flaw, tracked as CVE-2025-20188 (CVSS score of 10/10), allows attackers to execute arbitrary code remotely. The post Technical Details Published for Critical Cisco IOS XE Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

The Week in Vulnerabilities: Firefox, Roundcube and ICS Flaws Flagged by Cyble

2025-05-28 at 17:30 By daksh sharma

Cyble vulnerability intelligence researchers investigated nearly 100 IT and industrial control system (ICS) vulnerabilities this week and flagged eight as meriting high-priority attention by security teams – including two targeted by Russian threat actors. In all, Cyble

Latest Security Advisory Highlights Critical Vulnerabilities Impacting Ivanti, MDaemon, Zimbra, and More

2025-05-28 at 17:30 By daksh sharma

CISA’s latest advisory report reveals critical vulnerabilities in Ivanti, MDaemon, Zimbra, and more. Patches are available for flaws like CVE-2025-4427 in Ivanti EPMM. This article is an excerpt from Cyble.

The Week in Vulnerabilities: IT, ICS Fixes Prioritized by Cyble

2025-05-28 at 17:30 By daksh sharma

Cyble vulnerability researchers identified nine high-priority fixes for IT security teams and two vulnerable ICS products. This article is an excerpt from Cyble.

Attackers hit MSP, use its RMM software to deliver ransomware to clients

2025-05-28 at 14:36 By Zeljka Zorz

A threat actor wielding the DragonForce ransomware has compromised an unnamed managed service provider (MSP) and pushed the malware onto its client organizations via SimpleHelp, a legitimate remote monitoring and management (RMM) tool. “Sophos MDR has medium

Vulnerabilities found in NASA’s open source software

2025-05-27 at 15:48 By Zeljka Zorz

Vulnerabilities in open source software developed and used in-house by NASA could be exploited to breach their systems, claims Leon Juranić, security researcher and founder of cybersecurity startup ThreatLeap.

The vulnerabilities

Juranić, whose AppSec credentials include founding and leading DefenseCode, is no

Companies Warned of Commvault Vulnerability Exploitation

2025-05-23 at 13:48 By Ionut Arghire

CISA warns companies of a widespread campaign targeting a Commvault vulnerability to hack Azure environments. The post Companies Warned of Commvault Vulnerability Exploitation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Unpatched Windows Server vulnerability allows full domain compromise

2025-05-22 at 18:45 By Zeljka Zorz

A privilege escalation vulnerability in Windows Server 2025 can be used by attackers to compromise any user in Active Directory (AD), including Domain Admins. “The [“BadSuccessor”] attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server

GitLab, Atlassian Patch High-Severity Vulnerabilities

2025-05-22 at 08:18 By Ionut Arghire

GitLab and Atlassian have released patches for over a dozen vulnerabilities in their products, including high-severity bugs. The post GitLab, Atlassian Patch High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway

2025-05-21 at 18:49 By Eduard Kovacs

More than 100 AutomationDirect MB-Gateway devices may be vulnerable to attacks from the internet due to CVE-2025-36535. The post Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Wiz Warns of Ongoing Exploitation of Recent Ivanti Vulnerabilities

2025-05-21 at 12:49 By Ionut Arghire

Wiz warns that threat actors are chaining two recent Ivanti vulnerabilities to achieve unauthenticated remote code execution. The post Wiz Warns of Ongoing Exploitation of Recent Ivanti Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Critical OpenPGP.js Vulnerability Allows Spoofing

2025-05-21 at 10:16 By Eduard Kovacs

An OpenPGP.js vulnerability tracked as CVE-2025-47934 allows message signature verification to be spoofed. The post Critical OpenPGP.js Vulnerability Allows Spoofing appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers 

2025-05-20 at 15:39 By Eduard Kovacs

The Likely Exploited Vulnerabilities (LEV) equations can help augment KEV- and EPSS-based remediation prioritization. The post Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

O2 Service Vulnerability Exposed User Location

2025-05-20 at 13:20 By Ionut Arghire

A vulnerability in O2’s implementation of the IMS standard resulted in user location data being exposed in network responses. The post O2 Service Vulnerability Exposed User Location appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Hackers Earn Over $1 Million at Pwn2Own Berlin 2025

2025-05-19 at 12:02 By Eduard Kovacs

Pwn2Own participants demonstrated exploits against VMs, AI, browsers, servers, containers, and operating systems. The post Hackers Earn Over $1 Million at Pwn2Own Berlin 2025 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)

2025-05-16 at 13:47 By Zeljka Zorz

A high-severity Chrome vulnerability (CVE-2025-4664) that Google fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog.

About CVE-2025-4664

CVE-2025-4664 stems from insufficient policy enforcement in Google
