Tag: cve
-
CVE-2025-40552 bis CVE-2025-40554 – Solardwind schließt vier kritische Schwachstellen im Web Help Desk
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecken-in-solarwinds-web-help-desk-geschlossen-a-3e14fd7dcc299df0d6b7b302665b0c39/
-
CISA Confirms VMware ESXi 0-Day Vulnerability Exploited in Ransomware Operations
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, ransomware, vmware, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting VMware ESXi to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-22225, this zero-day flaw allows attackers to escape security sandboxes. It is currently being leveraged in active ransomware operations. Technical Analysis of CVE-2025-22225 The vulnerability is classified as an arbitrary write memory…
-
CVE-2025-22225 in VMware ESXi now used in active ransomware attacks
Tags: attack, cve, cybersecurity, exploit, flaw, group, infrastructure, ransomware, vmware, vulnerabilityRansomware groups now exploit VMware ESXi vulnerability CVE-2025-22225, patched by Broadcom in March 2025. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirms that ransomware gangs are exploiting the VMware ESXi sandbox escape flaw CVE-2025-22225. The vulnerability is an arbitrary write issue in VMware ESXi. An attackers with privileges within the VMX process may trigger an arbitrary…
-
SolarWinds RCE bug makes Cisa list as exploitation spreads
Exploitation of CVE-2025-40551, an RCE flaw affecting SolarWinds Web Help Desk, appears to be spreading, and defenders are on high alert. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366638837/SolarWinds-RCE-bug-makes-Cisa-list-as-exploitation-spreads
-
CISA Makes Unpublicized Ransomware Updates to KEV Catalog
A third of the flipped CVEs affected network edge devices, leading one researcher to conclude, Ransomware operators are building playbooks around your perimeter. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/cisa-hidden-ransomware-updates-kev-catalog
-
TP-Link Vulnerabilities Let Hackers Take Full Control of Devices
TP-Link has disclosed multiple critical authenticated command injection vulnerabilities affecting the Archer BE230 v1.2 Wi-Fi router, enabling attackers with administrative access to execute arbitrary commands and seize complete control of affected devices. Security researchers jro, caprinuxx, and sunshinefactory discovered nine distinct vulnerabilities tracked under separate CVE identifiers. The flaws impact various components of the router’s…
-
Russian hackers exploited a critical Office bug within days of disclosure
One campaign, two infection paths: ZScaler found that exploitation of CVE-2026-21509 did not lead to a single uniform payload. Instead, the initial RTF-based exploit branched into two distinct infection paths, each serving a different operational purpose. The choice of dropper reportedly determined whether the attackers prioritized near-term intelligence collection or longer-term access to compromised systems.In…
-
CISA Warns of Exploited GitLab Community and Enterprise SSRF Vulnerability
Tags: api, cisa, cve, cyber, cybersecurity, exploit, flaw, gitlab, infrastructure, kev, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical server-side request forgery (SSRF) vulnerability affecting GitLab Community and Enterprise Editions to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2021-39935, is now confirmed to be under active exploitation in the wild. Vulnerability Details The SSRF vulnerability in GitLab’s CI Lint API…
-
SolarWinds Web Help Desk Vulnerability Actively Exploited
CISA has added a critical CVE in SolarWinds Web Help Desk to its KEV Catalog First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/solarwinds-web-help-desk/
-
CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
Tags: cisa, cve, cybersecurity, data, exploit, flaw, infrastructure, kev, rce, remote-code-execution, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks.The vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is a untrusted data deserialization vulnerability that could pave the way for remote…
-
Hackers Actively Exploit React Native Metro Server to Target Software Developers
Threat actors are exploiting a critical remote code execution vulnerability in React Native’s Metro development server to deploy sophisticated malware payloads targeting software developers worldwide. The vulnerability, tracked as CVE-2025-11953 and nicknamed >>Metro4Shell,<< allows unauthenticated attackers to execute arbitrary operating system commands on developer machines through a simple crafted HTTP request. Vulnerability Overview CVE-2025-11953 carries a critical…
-
ASUS Discontinues “File Shredder” Feature to Patch Critical Vulnerability
ASUS has discontinued the File Shredder feature in its Business Manager software following the discovery of a critical security vulnerability, CVE-2025-13348. The company issued a security bulletin on February 2, 2026, addressing a flaw affecting ASUS Business Manager version 3.0.36.0 and earlier releases. Rather than patching the vulnerability through conventional updates, ASUS opted to remove…
-
CISA orders federal agencies to patch exploited SolarWinds bug by Friday
CVE-2025-40551 carries a critical severity score of 9.8 out of 10 and impacts SolarWinds Web Help Desk (WHD), an IT service management platform used by many large organizations to handle ticketing, asset tracking and other tasks. First seen on therecord.media Jump to article: therecord.media/cisa-orders-agencies-patch-solarwinds-vuln
-
Frequently Asked Questions About Notepad++ Supply Chain Compromise
Tags: advisory, attack, backdoor, china, credentials, cve, cyber, cybercrime, defense, espionage, government, group, Hardware, infrastructure, malware, ransomware, security-incident, service, software, supply-chain, threat, update, vulnerability, windowsThreat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes. Key takeaways: Beginning in June 2025, threat actors compromised the infrastructure Notepad++ uses to distribute software updates. The issue has been addressed and Notepad++ have released 8.9.1 which now includes XML signature validation (XMLDSig) for security…
-
Using AI Agents to Separate Real Risk From Vulnerability Noise
Snir Ben Shimol, CEO and co-founder of Zest Security, talks about why vulnerability and exposure management has become one of the most stubborn problems in security operations. Ben Shimol argues that the numbers are getting worse, not better. Exploitation has become the top initial access path, new CVEs keep piling up and teams are still..…
-
Russian state hackers exploit new Microsoft Office flaw in attacks on Ukraine, EU
Ukraine’s computer emergency response team, CERT-UA, said attackers began abusing the flaw, tracked as CVE-2026-21509, shortly after Microsoft disclosed it in early January. First seen on therecord.media Jump to article: therecord.media/russian-state-hackers-exploit-new-microsoft-flaw
-
Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure
Hackers exploit a critical React Native CLI flaw (CVE-2025-11953) to run remote commands and drop stealthy Rust malware, weeks before public disclosure. Attackers are actively exploiting a critical flaw in the React Native CLI Metro server, tracked as CVE-2025-11953. The React Native CLI’s Metro dev server binds to external interfaces by default and exposes a…
-
Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509)
Russian state-sponsored hackers Fancy Bear (aka APT 28) are exploiting CVE-2026-21509, a Microsoft Office vulnerability for which Microsoft released an emergency fix last … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/russian-hackers-are-exploiting-recently-patched-microsoft-office-vulnerability-cve-2026-21509/
-
Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular “@react-native-community/cli” npm package.Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953 (aka Metro4Shell) on December 21, 2025. With a CVSS score of 9.8, the vulnerability allows remote unauthenticated attackers to execute arbitrary First seen on thehackernews.com…
-
JFrog Researchers Surface Vulnerabilities in AI Automation Platform from n8n
JFrog security researchers have discovered a pair of critical vulnerabilities in a workflow automation platform from n8n that makes use of large language models (LLMs) to execute tasks. A CVE-2026-1470 vulnerability, rated 9.9, enables a malicious actor to remotely execute JavaScript code by manipulating a Statement capability in the n8n platform that is used to..…
-
Apache Syncope Vulnerability Allows Attackers to Hijack Active User Sessions
Apache Syncope, a popular open-source identity and access management platform, has disclosed a critical XML External Entity (XXE) vulnerability in its Console component. The vulnerability, tracked as CVE-2026-23795, allows authenticated administrators to execute XXE attacks and extract sensitive data from affected systems. Security researchers Follycat and Y0n3er discovered the flaw, which affects multiple versions of…
-
APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks
The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit.Zscaler ThreatLabz said it observed the hacking group weaponizing the shortcoming on January 29, 2026, in attacks targeting users in Ukraine, Slovakia, and Romania,…
-
APT28 Leverages CVE-2026-21509 in Operation Neusploit
IntroductionIn January 2026, Zscaler ThreatLabz identified a new campaign in-the-wild, tracked as Operation Neusploit, targeting countries in the Central and Eastern European region. In this campaign, the threat actor leveraged specially crafted Microsoft RTF files to exploit CVE-2026-21509 and deliver malicious backdoors in a multi-stage infection chain. Due to significant overlaps in tools, techniques, and procedures (TTPs)…
-
Russian hackers exploit recently patched Microsoft Office bug in attacks
Ukraine’s Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-exploit-recently-patched-microsoft-office-bug-in-attacks/
-
Zero-Day in Microsoft Office Enables Stealthy Malware Infections
Tags: cve, cyber, exploit, government, infection, infrastructure, malicious, malware, microsoft, office, vulnerability, zero-dayMicrosoft disclosed a critical zero-day vulnerability in Office products on January 26, 2026, tracked as CVE-2026-21509, with active exploitation in the wild confirmed. The vulnerability enables attackers to deploy sophisticated malware through malicious document files, targeting government organizations and critical infrastructure. Indicator Type Value CVE CVE-2026-21509 Malicious Domains freefoodaid[.]com, wellnesscaremed[.]com, wellnessmedcare[.]org C2 Infrastructure *.filen.net, *.filen.io…
-
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link.The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been addressed in version 2026.1.29 released on January 30, 2026. It has been described as a token…
-
Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack
Ivanti has disclosed two critical remote code execution (RCE) flaws (CVE-2026-1281 CVE-2026-1340) in its EPMM software. First seen on hackread.com Jump to article: hackread.com/ivanti-urgent-fix-critical-zero-day-vulnerabilities/
-
Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack
Ivanti has disclosed two critical remote code execution (RCE) flaws (CVE-2026-1281 CVE-2026-1340) in its EPMM software. First seen on hackread.com Jump to article: hackread.com/ivanti-urgent-fix-critical-zero-day-vulnerabilities/