Tag: cve
-
Storm-2603 Deploys Custom Malware Using BYOVD to Bypass Endpoint Protections
Check Point Research (CPR) has delved into the operations of Storm-2603, a recently identified threat actor linked to Chinese advanced persistent threat (APT) groups, amid widespread exploitation of Microsoft SharePoint Server vulnerabilities known as >>ToolShell.
-
Over 17,000 SharePoint Servers Found Exposed Online, 840 Vulnerable to Active 0-Day Attacks
Tags: attack, china, cve, cyber, cybersecurity, data-breach, finance, government, healthcare, Internet, microsoft, threat, vulnerability, zero-dayA significant cybersecurity crisis has emerged with the discovery of over 17,000 Microsoft SharePoint servers exposed to internet-based attacks, including 840 systems vulnerable to a critical zero-day vulnerability that Chinese threat actors are actively exploiting. The vulnerability, designated CVE-2025-53770 and dubbed >>ToolShell
-
Attackers actively exploit critical zero-day in Alone WordPress Theme
Hackers exploit a critical vulnerability, tracked as CVE-2025-5394 (CVSS score of 9.8), in the Alone WordPress theme to hijack sites. Threat actors are actively exploiting a critical flaw, tracked as CVE-2025-5394 (CVSS score of 9.8), in the >>Alone Charity Multipurpose Non-profit WordPress Theme
-
Ransomware up 179%, credential theft up 800%: 2025’s cyber onslaught intensifies
Exploits multiply as defenders play catch-up: Vulnerability disclosure rose by 246%, and publicly available exploits increased by 179%, with over 20000 vulnerabilities disclosed in the first half of 202535% of which already have exploit code.A backlog of 42000 vulnerabilities awaiting NVD analysis and delays in CVE enrichment leave organizations blind to many critical flaws, the…
-
Dark Reading Confidential: Funding the CVE Program of the Future
Tags: cveDark Reading Confidential Episode 8: Federal funding for the CVE Program expires in April 2026, and a trio of experts agree the industry isn’t doing enough to deal with the looming crisis. Bugcrowd’s Trey Ford, expert Adam Shostack, and CVE historian Brian Martin sit down with Dark Reading to help us figure out what a…
-
Critical SUSE Manager Vulnerability Allows Remote Command Execution as Root
A critical security vulnerability has been discovered in SUSE Manager that enables attackers to execute arbitrary commands with root privileges without any authentication. The flaw, designated as CVE-2025-46811, represents a severe threat to organizations using affected SUSE Manager deployments and has been assigned a critical CVSS score of 9.3. Vulnerability Overview The vulnerability stems from…
-
Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install
Threat actors are actively exploiting a critical security flaw in “Alone Charity Multipurpose Non-profit WordPress Theme” to take over susceptible sites.The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug.According to Wordfence, the shortcoming relates to an arbitrary file upload First…
-
Response to CISA Alert: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerabilities
AttackIQ has released a new emulation that compiles the Tactics, Techniques, and Procedures (TTPs) associated with the exploitation of the CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771 vulnerabilities, which affect on-premises Microsoft SharePoint servers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/response-to-cisa-alert-microsoft-releases-guidance-on-exploitation-of-sharepoint-vulnerabilities/
-
32% of exploited vulnerabilities are now zero-days or 1-days
Russian and Iranian threat activity rises: The security industry attributes only some of the newly discovered exploits to known attacker groups, and only some of those groups have known countries of origin. As a result, statistics on the origin of attacks are not perfect.During the first half of 2025, 181 of CVEs added to the…
-
Apple fixed a zero-day exploited in attacks against Google Chrome users
Apple addressed a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users. Apple released security updates to address a high-severity vulnerability, tracked as CVE-2025-6558 (CVSS score of 8.8), that has been exploited in zero-day attacks targeting Google Chrome users. The vulnerability is an insufficient validation of untrusted input in ANGLE and…
-
WordPress Theme Security Vulnerability Enables to Execute Arbitrary Code Remotely
A critical security vulnerability has been discovered in the popular >>Alone
-
Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome
Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month.The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser’s ANGLE and GPU components that…
-
Auto-Color Backdoor Targets U.S. Chemical Firm via CVE-2025-31324
Tags: access, backdoor, cve, cyberattack, cybersecurity, exploit, hacker, linux, malware, sap, vulnerabilityIn a three-day cyberattack this April, hackers exploited a newly disclosed SAP vulnerability to infiltrate a U.S.-based chemicals company, deploying a stealthy Linux malware known as Auto-Color backdoor. Cybersecurity firm Darktrace says the attackers gained access through a critical flaw… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/auto-color-backdoor-cve-2025-31324/
-
Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company
Hackers exploited a SAP NetWeaver bug to deploy upgraded Auto-Color Linux malware in an attack on U.S. chemicals firm. Cybersecurity firm Darktrace reported that threat actors exploited a SAP NetWeaver flaw, tracked as CVE-2025-31324, to deploy Auto-Color Linux malware in a U.S. chemicals firm attack. >>In April 2025, Darktrace identified an Auto-Color backdoor malware attack…
-
CodeIgniter4 Flaw CVE-2025-54418 Enables Remote Code Execution via File Uploads
A major security flaw has been detected in the popular PHP framework CodeIgniter4. The tag of a critical vulnerability, CVE-2025-54418, was officially disclosed on July 26, 2025, targeting users with file upload attacks that could compromise millions of web applications worldwide. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/codeigniter4-vulnerability-cve-2025-54418/
-
Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware
Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-sap-netweaver-bug-to-deploy-linux-auto-color-malware/
-
Auto-Color Backdoor Malware Exploits SAP Vulnerability
Backdoor malware Auto-Color targets Linux systems, exploiting SAP NetWeaver flaw CVE-2025-31324 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/auto-color-backdoor-exploits-sap/
-
Critical CodeIgniter Flaw Exposes Millions of Web Apps to File Upload Attacks
A critical security vulnerability in CodeIgniter4’s ImageMagick handler has been discovered that could allow attackers to execute arbitrary commands on affected web applications through malicious file uploads. The vulnerability, tracked as CVE-2025-54418, has been assigned a maximum CVSS score of 10.0, indicating its severe nature and potential for widespread exploitation. Vulnerability Overview and Attack Vectors…
-
CISA Issues Alert on PaperCut RCE Vulnerability Under Active Exploitation
Tags: cisa, cve, cyber, cybersecurity, exploit, infrastructure, kev, rce, remote-code-execution, risk, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical PaperCut vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of active exploitation attempts targeting the widely-used print management software. The vulnerability, tracked as CVE-2023-2533, represents a significant security risk that could allow attackers to execute arbitrary code on affected systems. Critical Vulnerability…
-
PoC Exploit Published for Actively Exploited Cisco Identity Services Engine Flaw
Tags: access, cisco, control, cve, cyber, data-breach, exploit, flaw, identity, network, remote-code-execution, service, vulnerability, zero-daySecurity researchers have published a detailed proof-of-concept exploit for a critical vulnerability in Cisco Identity Services Engine (ISE) that allows attackers to achieve remote code execution without authentication. The flaw, tracked as CVE-2025-20281, affects the widely-deployed network access control platform and has been actively exploited in the wild. Critical Zero-Day Vulnerability Exposed The vulnerability was…
-
CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security vulnerability impacting PaperCutNG/MF print management software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The vulnerability, tracked as CVE-2023-2533 (CVSS score: 8.4), is a cross-site request forgery (CSRF) bug that could First seen on thehackernews.com…
-
ToolShell: Uncovering Five Critical Vulnerabilities in Microsoft SharePoint
Security researchers from Kaspersky have detailed a sophisticated exploit chain dubbed >>ToolShell,
-
Exploit available for critical Cisco ISE bug exploited in attacks
Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exploit-available-for-critical-cisco-ise-bug-exploited-in-attacks/
-
Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover
Critical vulnerability in Post SMTP plugin risks full site takeover, over 400k sites use it, and nearly half remain unpatched. A critical vulnerability, tracked as CVE-2025-24000 (CVSS of 8.8) in the Post SMTP WordPress plugin, used by 400k sites, allows full site takeover. The plugin Post SMTP is an email delivery plugin that allows site owners…
-
Chinese ‘Fire Ant’ spies start to bite unpatched VMware instances
Tunnelling allowed lateral movement: Once inside, Fire Ant bypassed network segmentation by exploiting CVE-2022-1388 in F5 BIG-IP devices. This allowed them to deploy encrypted tunnels such as Neo-reGeorg web shells to reach isolated environments, even leveraging IPv6 to evade IPv4 filters.”The threat actor demonstrated a deep understanding of the target environment’s network architecture and policies,…
-
Chinese ‘Fire Ant’ spies start to bite unpatched VMware instances
Tunnelling allowed lateral movement: Once inside, Fire Ant bypassed network segmentation by exploiting CVE-2022-1388 in F5 BIG-IP devices. This allowed them to deploy encrypted tunnels such as Neo-reGeorg web shells to reach isolated environments, even leveraging IPv6 to evade IPv4 filters.”The threat actor demonstrated a deep understanding of the target environment’s network architecture and policies,…
-
400,000 WordPress Websites Exposed by Post SMTP Plugin Vulnerability
A critical security vulnerability has been discovered in the popular Post SMTP plugin for WordPress, potentially exposing over 400,000 websites to account takeover attacks. The vulnerability, tracked as CVE-2025-24000, affects versions 3.2.0 and below of the plugin, allowing even low-privileged users to access sensitive email data and ultimately gain administrative control of affected websites as…
-
New “ToolShell” Exploit Targets SharePoint Servers for Full Takeover
Tags: attack, cve, cyber, exploit, microsoft, remote-code-execution, threat, vulnerability, zero-dayFortiGuard Labs has identified a critical new exploit chain dubbed >>ToolShell
-
LG Innotek Camera Flaws Could Give Hackers Full Admin Access
Tags: access, authentication, cctv, control, cve, cyber, cybersecurity, flaw, hacker, risk, vulnerabilityA critical security vulnerability has been discovered in LG Innotek’s LNV5110R CCTV camera model that could allow remote attackers to gain complete administrative control over affected devices. The vulnerability, designated as CVE-2025-7742, represents a significant authentication bypass flaw that poses serious risks to organizations using these security cameras worldwide. Critical Authentication Bypass Vulnerability The Cybersecurity…