vulnerability

Most critical vulnerabilities aren’t worth your attention

cyber risk, cybersecurity, Datadog, News, report, survey, vulnerability /

Most critical vulnerabilities aren’t worth your attention 2025-04-28 at 07:03 By Help Net Security Web applications face a wide range of risks, including known-exploitable vulnerabilities, supply chain attacks, and insecure identity configurations in CI/CD, according to the Datadog State of DevSecOps 2025 report. 14% of Java services still contain at least one vulnerability By analyzing […]

React to this headline:

Loading spinner

Most critical vulnerabilities aren’t worth your attention Read More »

Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)

Don't miss, Hot stuff, News, OPSWAT, Ruby, security update, vulnerability, web application security /

Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610) 2025-04-25 at 12:39 By Zeljka Zorz Researchers have uncovered three serious vulnerabilities in Rack, a server interface used by most Ruby web app frameworks (Ruby on Rails, Sinatra, Hanami, Roda, and others). Two of the flaws – CVE-2025-25184 and CVE-2025-27111 – could allow attackers to manipulate

React to this headline:

Loading spinner

Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610) Read More »

Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)

backup, Commvault, Data Protection, Don't miss, Hot stuff, News, PoC, vulnerability, WatchTowr /

Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) 2025-04-24 at 15:35 By Zeljka Zorz If your organization is using Commvault Command Center for your data protection, backup creation, configuration and restoration needs, you should check whether your on-premise installation has been upgraded to patch a critical vulnerability (CVE-2025-34028) that could allow unauthenticated remote code execution.

React to this headline:

Loading spinner

Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) Read More »

Cisco Confirms Some Products Impacted by Critical Erlang/OTP Flaw

Cisco, Erlang OTP, Vulnerabilities, vulnerability /

Cisco Confirms Some Products Impacted by Critical Erlang/OTP Flaw 2025-04-24 at 13:03 By Eduard Kovacs Cisco is investigating the impact of the Erlang/OTP remote code execution vulnerability CVE-2025-32433 on its products. The post Cisco Confirms Some Products Impacted by Critical Erlang/OTP Flaw appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Cisco Confirms Some Products Impacted by Critical Erlang/OTP Flaw Read More »

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)

Arctic Wolf Networks, Don't miss, exploit, Horizon3.ai, Hot stuff, News, Platform Security, PoC, ProDefense, Ruhr University Bochum, SSH, vulnerability /

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) 2025-04-22 at 15:48 By Zeljka Zorz There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All users running an SSH server based on the Erlang/OTP SSH library are likely to be affected by

React to this headline:

Loading spinner

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) Read More »

SSL.com Scrambles to Patch Certificate Issuance Vulnerability 

certificates, SSL.com, Vulnerabilities, vulnerability /

SSL.com Scrambles to Patch Certificate Issuance Vulnerability  2025-04-22 at 15:48 By Ionut Arghire A vulnerability in SSL.com has resulted in nearly a dozen certificates for legitimate domains being wrongly issued. The post SSL.com Scrambles to Patch Certificate Issuance Vulnerability  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

SSL.com Scrambles to Patch Certificate Issuance Vulnerability  Read More »

Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)

CISA, Don't miss, Hot stuff, News, SMBs, SonicWall, vulnerability /

Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035) 2025-04-18 at 14:47 By Zeljka Zorz CVE-2021-20035, an old vulnerability affecting Sonicwall Secure Mobile Access (SMA) 100 series appliances, is being exploited by attackers. Sonicwall confirmed it by updating the original security advisory to reflect the new state of play, and by changing the description of the vulnerability

React to this headline:

Loading spinner

Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035) Read More »

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)

0patch, APT, Check Point, Don't miss, enterprise, exploit, Government, HarfangLab, Hot stuff, News, phishing, vulnerability, Windows /

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) 2025-04-17 at 16:52 By Zeljka Zorz CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting government and private institutions in Poland and Romania. “Active exploitation in the wild has been observed

React to this headline:

Loading spinner

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) Read More »

Vulnerabilities Patched in Atlassian, Cisco Products

Atlassian, Cisco, patch, Vulnerabilities, vulnerability /

Vulnerabilities Patched in Atlassian, Cisco Products 2025-04-17 at 16:52 By Ionut Arghire Atlassian and Cisco have released patches for multiple high-severity vulnerabilities, including remote code execution bugs. The post Vulnerabilities Patched in Atlassian, Cisco Products appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Vulnerabilities Patched in Atlassian, Cisco Products Read More »

Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking

Erlang OTP, SSH, Vulnerabilities, vulnerability /

Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking 2025-04-17 at 15:19 By Eduard Kovacs Servers exposed to complete takeover due to CVE-2025-32433, an unauthenticated remote code execution flaw in Erlang/OTP SSH. The post Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking Read More »

SonicWall Flags Old Vulnerability as Actively Exploited

exploited, Featured, SMA, SonicWall, Vulnerabilities, vulnerability /

SonicWall Flags Old Vulnerability as Actively Exploited 2025-04-17 at 14:05 By Eduard Kovacs A SonicWall SMA 100 series vulnerability patched in 2021, which went unnoticed at the time of patching, is being exploited in the wild. The post SonicWall Flags Old Vulnerability as Actively Exploited appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

SonicWall Flags Old Vulnerability as Actively Exploited Read More »

Critical Vulnerability Found in Apache Roller Blog Server

Apache Roller, Vulnerabilities, vulnerability /

Critical Vulnerability Found in Apache Roller Blog Server 2025-04-16 at 14:44 By Ionut Arghire A critical vulnerability in Apache Roller could be used to maintain persistent access by reusing older sessions even after password changes. The post Critical Vulnerability Found in Apache Roller Blog Server appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Critical Vulnerability Found in Apache Roller Blog Server Read More »

Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities

Chrome, Firefox, Vulnerabilities, vulnerability /

Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities 2025-04-16 at 14:01 By Ionut Arghire Chrome 135 and Firefox 137 updates have been rolled out with patches for critical- and high-severity vulnerabilities. The post Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities Read More »

Critical flaws fixed in Nagios Log Server

Don't miss, enterprise, exploit, Hot stuff, log management, Nagios Log Server, News, PoC, SMBs, vulnerability /

Critical flaws fixed in Nagios Log Server 2025-04-15 at 13:47 By Zeljka Zorz The Nagios Security Team has fixed three critical vulnerabilities affecting popular enterprise log management and analysis platform Nagios Log Server. About the flaws The vulnerabilities, discovered and reported by security researchers Seth Kraft and Alex Tisdale, include: 1. A stored XSS vulnerability

React to this headline:

Loading spinner

Critical flaws fixed in Nagios Log Server Read More »

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices

BSI, Don't miss, Fortinet, FortiOS, Hot stuff, News, vulnerability /

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices 2025-04-11 at 21:05 By Zeljka Zorz A threat actor that has been using known old FortiOS vulnerabilities to breach FortiGate devices for years has also been leveraging a clever trick to maintain undetected read-only access to them after the original

React to this headline:

Loading spinner

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices Read More »

SonicWall Patches High-Severity Vulnerability in NetExtender

SonicWall, Vulnerabilities, vulnerability /

SonicWall Patches High-Severity Vulnerability in NetExtender 2025-04-11 at 14:18 By Ionut Arghire SonicWall has released fixes for three vulnerabilities in NetExtender for Windows, including a high-severity bug. The post SonicWall Patches High-Severity Vulnerability in NetExtender appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

SonicWall Patches High-Severity Vulnerability in NetExtender Read More »

Juniper Networks Patches Dozens of Junos Vulnerabilities

Juniper, Junos, Vulnerabilities, vulnerability /

Juniper Networks Patches Dozens of Junos Vulnerabilities 2025-04-10 at 16:46 By Ionut Arghire Juniper Networks has patched two dozen vulnerabilities in Junos OS and Junos OS Evolved, and dozens of flaws in Junos Space third-party dependencies. The post Juniper Networks Patches Dozens of Junos Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Juniper Networks Patches Dozens of Junos Vulnerabilities Read More »

Study Identifies 20 Most Vulnerable Connected Devices of 2025

Forescout, ICS/OT, IoT Security, report, router, vulnerability /

Study Identifies 20 Most Vulnerable Connected Devices of 2025 2025-04-10 at 15:03 By Ionut Arghire Routers are the riskiest devices in enterprise networks as they contain the most critical vulnerabilities, a new Forescout report shows. The post Study Identifies 20 Most Vulnerable Connected Devices of 2025 appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Study Identifies 20 Most Vulnerable Connected Devices of 2025 Read More »

FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887)

Don't miss, Fortinet, Hot stuff, networking, News, vulnerability /

FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887) 2025-04-10 at 13:18 By Zeljka Zorz Fortinet has released patches for flaws affecting many of its products, among them a critical vulnerability (CVE-2024-48887) in its FortiSwitch appliances that could allow unauthenticated attackers to gain access to and administrative privileges on vulnerable devices. About CVE-2024-48887 Fortinet

React to this headline:

Loading spinner

FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887) Read More »

WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401)

Don't miss, Hot stuff, Meta, News, vulnerability, WhatsApp, Windows /

WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) 2025-04-09 at 16:00 By Zeljka Zorz WhatsApp users are urged to update the Windows client app to plug a serious security vulnerability (CVE-2025-30401) that may allow attackers to trick users into running malicious code. Meta classifies the vulnerability as a spoofing issue that

React to this headline:

Loading spinner

WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) Read More »

Scroll to Top