Tag: cve
-
Apache Tomcat Path Traversal Vulnerability (CVE-2025-55752) Notice
Overview Recently, NSFOCUS CERT detected that Apache issued a security bulletin to fix the Apache Tomcat path traversal vulnerability (CVE-2025-55752); This vulnerability is a flaw introduced when fixing CVE-2016-5388. Since the rewritten URL is normalized before URL decoding, if the system is configured with rewrite rules to rewrite query parameters into the URL, an authenticated…The…
-
CISA Issues Alert on Active Exploitation of Dassault Systèmes Security Flaws
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, mitigation, risk, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding two severe vulnerabilities discovered in Dassault Systèmes DELMIA Apriso, a widely used manufacturing execution system. The agency has added these flaws to its official list of vulnerabilities that pose immediate risks to organisations and require urgent mitigation action. CVE ID Product…
-
CISA Issues Alert on Active Exploitation of Dassault Systèmes Security Flaws
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, mitigation, risk, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding two severe vulnerabilities discovered in Dassault Systèmes DELMIA Apriso, a widely used manufacturing execution system. The agency has added these flaws to its official list of vulnerabilities that pose immediate risks to organisations and require urgent mitigation action. CVE ID Product…
-
Active Exploits Hit Dassault and XWiki, CISA Confirms Critical Flaws Under Attack
Tags: attack, cisa, cve, cybersecurity, exploit, flaw, infrastructure, injection, threat, vulnerabilityThreat actors are actively exploiting multiple security flaws impacting Dassault Systèmes DELMIA Apriso and XWiki, according to alerts issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and VulnCheck.The vulnerabilities are listed below -CVE-2025-6204 (CVSS score: 8.0) – A code injection vulnerability in Dassault Systèmes DELMIA Apriso that could allow an attacker to First…
-
BSI-Warnung vor Watchguard-Firebox Firewall-Angriffen
In den Watchguard Firebox Firewalls ist seit Mitte September 2025 die Schwachstelle CVE-2025-9242 bekannt und sollte längst gepatcht sein. Aber dieser Vorgang läuft schleppend, und das Bundesamt für Sicherheit in der Informationsverarbeitung (BSI) warnte kürzlich, dass in Deutschland noch 7.000 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/29/bsi-warnung-vor-watchguard-firebox-firewall-angriffen/
-
XWiki Remote Code Execution Flaw Actively Weaponized for Coinmining
Tags: crypto, cve, cyber, cybersecurity, exploit, flaw, malware, remote-code-execution, software, threat, vulnerabilityA critical security vulnerability in XWiki collaboration software is being actively exploited by threat actors to deploy cryptocurrency mining malware on vulnerable systems. The flaw, tracked as CVE-2025-24893, represents a serious threat to organizations running unpatched XWiki installations. Cybersecurity researchers at VulnCheck have captured concrete evidence of active exploitation through their canary network. CVE Details…
-
XWiki Remote Code Execution Flaw Actively Weaponized for Coinmining
Tags: crypto, cve, cyber, cybersecurity, exploit, flaw, malware, remote-code-execution, software, threat, vulnerabilityA critical security vulnerability in XWiki collaboration software is being actively exploited by threat actors to deploy cryptocurrency mining malware on vulnerable systems. The flaw, tracked as CVE-2025-24893, represents a serious threat to organizations running unpatched XWiki installations. Cybersecurity researchers at VulnCheck have captured concrete evidence of active exploitation through their canary network. CVE Details…
-
BSI-Warnung vor Watchguard-Firebox Firewall-Angriffen
In den Watchguard Firebox Firewalls ist seit Mitte September 2025 die Schwachstelle CVE-2025-9242 bekannt und sollte längst gepatcht sein. Aber dieser Vorgang läuft schleppend, und das Bundesamt für Sicherheit in der Informationsverarbeitung (BSI) warnte kürzlich, dass in Deutschland noch 7.000 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/29/bsi-warnung-vor-watchguard-firebox-firewall-angriffen/
-
Microsoft Issues Alert on ASP.NET Flaw Allowing HTTP Request Smuggling Attacks
Microsoft has released a critical security update addressing a severe vulnerability in ASP.NET Core that could enable attackers to execute HTTP request smuggling attacks. On October 14, 2025, the company issued patches for CVE-2025-55315, a security feature bypass flaw affecting the Kestrel web server component with an alarming CVSS score of 9.9, placing it in…
-
CVE-2025-62725: From “docker compose ps” to System Compromise
Docker Compose powers millions of workflows, from CI/CD runners and local development stacks to cloud workspaces and enterprise build pipelines. It’s trusted by developers as the friendly layer above Docker Engine that turns a few YAML lines into a running application. In early October 2025, while exploring Docker Compose’s new support for OCI-based Compose artifacts,……
-
CVE-2025-62725: From “docker compose ps” to System Compromise
Docker Compose powers millions of workflows, from CI/CD runners and local development stacks to cloud workspaces and enterprise build pipelines. It’s trusted by developers as the friendly layer above Docker Engine that turns a few YAML lines into a running application. In early October 2025, while exploring Docker Compose’s new support for OCI-based Compose artifacts,……
-
Oracle EBS Attack Victims May Be More Numerous Than Expected
Numerous organizations have been attacked via Oracle EBS zero-day CVE-2025-61882, and evidence suggests more like Schneider Electric could be on that list. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/oracle-ebs-attack-victims-more-numerous-expected
-
Google probes exploitation of critical Windows service CVE
Researchers have traced the threat activity to a newly identified hacker, while separate evidence points to more than one variant. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/google-threat-researchers-probe-exploitation-critical-cve-wsus/803985/
-
Beyond The CVE: Deep Container Analysis with Anchore
As an Associate Professor of Cybersecurity, I spend a lot of time thinking about risk, and increasingly, that risk lives within the software supply chain. The current industry focus on CVEs is a necessary, but ultimately insufficient, approach to securing modern, containerized applications. Frankly, relying on basic vulnerability scanning alone is like putting a single……
-
Italian-made spyware Dante linked to Chrome zero-day exploitation campaign
CVE-2025-2783, a Chrome zero-day vulnerability that was detected being exploited in March 2025 and was subsequently fixed by Google, was used by unknown attackers to deliver … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/28/dante-spyware-chrome-zero-day/
-
Docker mit Sicherheitslücke CVE-2025-9164: Warum eine manuelle Installation empfehlenswert ist
Docker mit Sicherheitslücke. Docker Desktop ist unter Windows bis Version 4.48.0 von einer DLL-Hijacking-Sicherheitslücke betroffen. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/cyberangriffe/docker-mit-sicherheitsluecke-cve-2025-9164-warum-eine-manuelle-installation-empfehlenswert-ist-322257.html
-
Pi-hole XSS CVE-2025-53533: kritische Sicherheitslücke entdeckt
Pi-hole XSS CVE-2025-53533. In der DNS-Software in der Weboberfläche. Der Template-Fehler im Webfrontend kann gravierende Folgen haben. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/cyberangriffe/pi-hole-xss-cve-2025-53533-kritische-sicherheitsluecke-entdeckt-322254.html
-
Critical ASP.NET flaw hits QNAP NetBak PC Agent
QNAP warns of critical ASP.NET flaw (CVE-2025-55315) in NetBak PC Agent, letting attackers hijack credentials or bypass security via HTTP smuggling. QNAP urges users to patch a critical ASP.NET Core vulnerability, tracked as CVE-2025-55315 (CVSS score of 9.9), in its NetBak PC Agent for Windows. The flaw resides in the Kestrel server and lets low-privilege…
-
Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware
The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky.The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as…
-
Actively Exploited WSUS Bug Added to CISA KEV List
Sysadmins are urged to patch WSUS vulnerability CVE-2025-59287 as soon as possible, with federal agencies required to update by November 14 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/actively-exploited-wsus-bug-cisa/
-
Actively Exploited WSUS Bug Added to CISA KEV List
Sysadmins are urged to patch WSUS vulnerability CVE-2025-59287 as soon as possible, with federal agencies required to update by November 14 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/actively-exploited-wsus-bug-cisa/
-
Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware
The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky.The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as…
-
Gamaredon Phishing Campaign Exploits WinRAR Vulnerability to Target Government Agencies
Tags: attack, cve, cyber, cybersecurity, exploit, government, group, malicious, phishing, software, threat, vulnerabilityCybersecurity researchers have uncovered a sophisticated phishing campaign orchestrated by the notorious Gamaredon threat group, specifically targeting government entities through exploitation of a critical WinRAR vulnerability. The attack leverages CVE-2025-8088, a path traversal vulnerability in the popular file compression software, to deliver weaponized RAR archives that silently deploy malicious payloads without requiring user interaction beyond…
-
Apache Tomcat Flaws Allow Remote Code Execution on Vulnerable Servers
The Apache Software Foundation has disclosed two security vulnerabilities affecting multiple versions of Apache Tomcat, with one flaw posing a serious risk of remote code execution on vulnerable servers. The flaws impact Apache Tomcat versions 9, 10, and 11, prompting urgent warnings for administrators to upgrade their installations immediately. CVE ID Vulnerability Severity CVSS Score…
-
Apache Tomcat Flaws Allow Remote Code Execution on Vulnerable Servers
The Apache Software Foundation has disclosed two security vulnerabilities affecting multiple versions of Apache Tomcat, with one flaw posing a serious risk of remote code execution on vulnerable servers. The flaws impact Apache Tomcat versions 9, 10, and 11, prompting urgent warnings for administrators to upgrade their installations immediately. CVE ID Vulnerability Severity CVSS Score…
-
Chrome 0-Day Exploited by Mem3nt0 Mori in Espionage Attacks
Hackers exploit a Chrome 0-day to deploy spyware in attacks tied to Mem3nt0 Mori. Google patches CVE-2025-2783; users urged to update fast. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/chrome-zero-day-exploit-spyware/
-
How to Take Vulnerability Management to the Next Level and Supercharge Your Career
Tags: access, ai, attack, authentication, awareness, business, ciso, cloud, compliance, cve, cvss, cybersecurity, data, exploit, flaw, framework, governance, identity, metric, mfa, risk, skills, strategy, technology, tool, update, vulnerability, vulnerability-managementAt Tenable, we believe the next generation of great CISOs and security leaders will arise from those vulnerability management professionals who are driving the shift to exposure management today. Key takeaways: Vulnerability management is crucial for the evolution toward a more strategic, business-aligned approach to cybersecurity, that’s why these professionals are best positioned to lead…