vulnerability

Samsung patches MagicINFO 9 Server vulnerability exploited by attackers

Don't miss, Hot stuff, Huntress, News, PoC, Samsung, SANS ISC, vulnerability /

Samsung patches MagicINFO 9 Server vulnerability exploited by attackers 2025-05-15 at 14:18 By Zeljka Zorz Companies running Samsung MagicINFO, a platform for managing content on Samsung commercial digital displays, should upgrade to the latest available version of its v9 branch to fix a vulnerability that’s reportedly being exploited by attackers. If this advice sounds familiar, […]

React to this headline:

Loading spinner

Samsung patches MagicINFO 9 Server vulnerability exploited by attackers Read More »

Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’

Chrome, exploited, PoC, Vulnerabilities, vulnerability /

Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’ 2025-05-15 at 11:33 By Ionut Arghire Google has rolled out a Chrome 136 update that resolves a high-severity vulnerability for which a public exploit exists. The post Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’ appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’ Read More »

Vulnerabilities Patched by Juniper, VMware and Zoom 

Juniper, Patch Tuesday, VMWare, Vulnerabilities, vulnerability, Zoom /

Vulnerabilities Patched by Juniper, VMware and Zoom  2025-05-14 at 13:46 By Ionut Arghire Juniper Networks, VMware, and Zoom have announced patches for dozens of vulnerabilities across their products. The post Vulnerabilities Patched by Juniper, VMware and Zoom  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Vulnerabilities Patched by Juniper, VMware and Zoom  Read More »

Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers

exploited, Featured, Ivanti, Vulnerabilities, vulnerability, Zero-Day /

Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers 2025-05-14 at 11:01 By Ionut Arghire Ivanti has released patches for two EPMM vulnerabilities that have been chained in the wild for remote code execution. The post Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers Read More »

Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428)

CERT-EU, Don't miss, Endpoint Security, Hot stuff, Ivanti, News, security update, vulnerability /

Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428) 2025-05-13 at 20:31 By Zeljka Zorz Attackers have exploited vulnerabilities in open-source libraries to compromise on-prem Ivanti Endpoint Manager Mobile (EPMM) instances of a “very limited” number of customers, Ivanti has confirmed on Tuesday, and urged customers to install a patch as soon as possible. “The

React to this headline:

Loading spinner

Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428) Read More »

SAP Patches Another Critical NetWeaver Vulnerability

SAP, Vulnerabilities, vulnerability /

SAP Patches Another Critical NetWeaver Vulnerability 2025-05-13 at 16:01 By Ionut Arghire SAP has released 16 new security notes on its May 2025 Security Patch Day, including a note dealing with another critical NetWeaver vulnerability. The post SAP Patches Another Critical NetWeaver Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

SAP Patches Another Critical NetWeaver Vulnerability Read More »

Asus DriverHub Vulnerabilities Expose Users to Remote Code Execution Attacks

Asus, Vulnerabilities, vulnerability /

Asus DriverHub Vulnerabilities Expose Users to Remote Code Execution Attacks 2025-05-12 at 14:30 By Ionut Arghire Two vulnerabilities in ASUS’s pre-installed software DriverHub can be exploited for remote code execution. The post Asus DriverHub Vulnerabilities Expose Users to Remote Code Execution Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Asus DriverHub Vulnerabilities Expose Users to Remote Code Execution Attacks Read More »

Possible Zero-Day Patched in SonicWall SMA Appliances

exploited, Featured, SMA, SonicWall, Vulnerabilities, vulnerability, Zero-Day /

Possible Zero-Day Patched in SonicWall SMA Appliances 2025-05-08 at 16:11 By Ionut Arghire SonicWall patches three SMA 100 vulnerabilities, including a potential zero-day, that could be chained to execute arbitrary code remotely. The post Possible Zero-Day Patched in SonicWall SMA Appliances appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

Possible Zero-Day Patched in SonicWall SMA Appliances Read More »

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819)

Don't miss, Hot stuff, News, Rapid7, security update, SMBs, SonicWall, VPN, vulnerability /

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819) 2025-05-08 at 15:38 By Zeljka Zorz SonicWall has fixed multiple vulnerabilities affecting its SMA100 Series devices, one of which (CVE-2025-32819) appears to be a patch bypass for an arbitrary file delete vulnerability that was exploited in zero-day attacks in early 2021, and may have also

React to this headline:

Loading spinner

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819) Read More »

Dozens of SysAid Instances Vulnerable to Remote Hacking

PoC, SysAid, Vulnerabilities, vulnerability /

Dozens of SysAid Instances Vulnerable to Remote Hacking 2025-05-08 at 12:46 By Eduard Kovacs SysAid patches IT service management software vulnerabilities that can be chained for unauthenticated remote command execution.  The post Dozens of SysAid Instances Vulnerable to Remote Hacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

Dozens of SysAid Instances Vulnerable to Remote Hacking Read More »

PoC exploit for SysAid pre-auth RCE released, upgrade quickly!

Don't miss, enterprise, Hot stuff, ITSM, News, PoC, SMBs, SysAid, vulnerability, WatchTowr /

PoC exploit for SysAid pre-auth RCE released, upgrade quickly! 2025-05-07 at 15:45 By Zeljka Zorz WatchTowr researchers have released a proof-of-concept (PoC) exploit that chains two vulnerabilities in SysAid On-Prem – the self-hosted version of the platform behind SysAid’s popular IT service management and IT helpdesk solutions – to achieve unauthenticated remote code execution on

React to this headline:

Loading spinner

PoC exploit for SysAid pre-auth RCE released, upgrade quickly! Read More »

Actively exploited FreeType flaw fixed in Android (CVE-2025-27363)

Android, Don't miss, Google, Hot stuff, News, security update, vulnerability /

Actively exploited FreeType flaw fixed in Android (CVE-2025-27363) 2025-05-07 at 13:03 By Zeljka Zorz Google has released fixes for a bucketload of Android security vulnerabilities, including a FreeType flaw (CVE-2025-27363) that “may be under limited, targeted exploitation.” About CVE-2025-27363 CVE-2025-27363 is an out of bounds write vulnerability in FreeType, an open-source software library that renders

React to this headline:

Loading spinner

Actively exploited FreeType flaw fixed in Android (CVE-2025-27363) Read More »

RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248)

Censys, Don't miss, exploit, Horizon3.ai, Hot stuff, News, PoC, SANS ISC, vulnerability /

RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248) 2025-05-06 at 16:19 By Zeljka Zorz A missing authentication vulnerability (CVE-2025-3248) in Langflow, a web application for building AI-driven agents, is being exploited by attackers in the wild, CISA has confirmed by adding it to its Known Exploited Vulnerabilities (KEV) catalog. About CVE-2025-3248

React to this headline:

Loading spinner

RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248) Read More »

Critical Vulnerability in AI Builder Langflow Under Attack

AI, Artificial Intelligence, CISA KEV, exploited, Langflow, vulnerability /

Critical Vulnerability in AI Builder Langflow Under Attack 2025-05-06 at 14:33 By Ionut Arghire CISA warns organizations that threat actors are exploiting a critical-severity vulnerability in low-code AI builder Langflow. The post Critical Vulnerability in AI Builder Langflow Under Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

Critical Vulnerability in AI Builder Langflow Under Attack Read More »

Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399)

Arctic Wolf Networks, botnet, Don't miss, Hot stuff, News, PoC, Samsung, SANS ISC, vulnerability /

Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399) 2025-05-06 at 13:03 By Zeljka Zorz An easily and remotely exploitable vulnerability (CVE-2024-7399) affecting Samsung MagicINFO, a platform for managing content on Samsung commercial displays, is being leveraged by attackers. Exploit attempts have been flagged by the SANS Internet Storm Center and Arctic Wolf researchers:

React to this headline:

Loading spinner

Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399) Read More »

Critical Commvault Vulnerability in Attacker Crosshairs

Commvault, exploited, Vulnerabilities, vulnerability /

Critical Commvault Vulnerability in Attacker Crosshairs 2025-05-05 at 15:32 By Ionut Arghire CISA has flagged a critical-severity Commvault vulnerability as exploited one week after technical details were released. The post Critical Commvault Vulnerability in Attacker Crosshairs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Critical Commvault Vulnerability in Attacker Crosshairs Read More »

Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221)

CISA, Don't miss, exploit, Hot stuff, News, PoC, SMBs, SonicWall, vulnerability, WatchTowr /

Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221) 2025-05-02 at 16:18 By Zeljka Zorz Attackers have been using two previously known vulnerabilities (CVE-2024-38475, CVE-2023-44221) to compromise Sonicwall secure mobile access devices, the vendor has confirmed by updating the associated advisories. CISA has added the two flaws to its Known Exploited Vulnerabilities catalog,

React to this headline:

Loading spinner

Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221) Read More »

SonicWall Flags Two More Vulnerabilities as Exploited

exploited, SonicWall, Vulnerabilities, vulnerability /

SonicWall Flags Two More Vulnerabilities as Exploited 2025-05-01 at 13:01 By Ionut Arghire SonicWall has updated the advisories for two vulnerabilities to warn that they are being exploited in the wild. The post SonicWall Flags Two More Vulnerabilities as Exploited appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

SonicWall Flags Two More Vulnerabilities as Exploited Read More »

Airplay-enabled devices open to attack via “AirBorne” vulnerabilities

apple, Don't miss, Hot stuff, IoT, News, Oligo Security, vulnerability /

Airplay-enabled devices open to attack via “AirBorne” vulnerabilities 2025-04-30 at 16:31 By Zeljka Zorz Vulnerabilities in Apple’s AirPlay Protocol, AirPlay Software Development Kits (SDKs), and the CarPlay Communication Plug-in could allow attackers to compromise AirPlay-enabled devices developed and sold by Apple and by other companies. “Because AirPlay is a fundamental piece of software for Apple

React to this headline:

Loading spinner

Airplay-enabled devices open to attack via “AirBorne” vulnerabilities Read More »

Craft CMS Zero-Day Exploited to Compromise Hundreds of Websites

CMS, Craft, exploited, Vulnerabilities, vulnerability, Zero-Day /

Craft CMS Zero-Day Exploited to Compromise Hundreds of Websites 2025-04-28 at 17:32 By Ionut Arghire Threat actors have exploited a zero-day vulnerability in Craft CMS to execute PHP code on hundreds of websites. The post Craft CMS Zero-Day Exploited to Compromise Hundreds of Websites appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Craft CMS Zero-Day Exploited to Compromise Hundreds of Websites Read More »

Scroll to Top