Tag: cve
-
Tridium Niagara Framework Flaws Expose Sensitive Network Data
Tags: automation, cve, cyber, cybersecurity, data, encryption, flaw, framework, infrastructure, network, vulnerabilityCybersecurity researchers at Nozomi Networks Labs have discovered 13 critical vulnerabilities in Tridium’s widely-used Niagara Framework, potentially exposing sensitive network data across building management, industrial automation, and smart infrastructure systems worldwide. The vulnerabilities, consolidated into 10 distinct CVEs, could allow attackers to compromise systems when encryption is misconfigured, raising significant concerns for critical infrastructure security.…
-
Critical VGAuth Flaw in VMware Tools Grants Full System Access
Security researchers have uncovered critical vulnerabilities in VMware Tools’ Guest Authentication Service (VGAuth) that allow attackers to escalate privileges from any user account to full SYSTEM access on Windows virtual machines. The flaws, tracked as CVE-2025-22230 and CVE-2025-22247, affect VMware Tools 12.5.0 and earlier versions across ESXi-managed environments and standalone VMware Workstation deployments. Authentication Bypass…
-
Multiple Hacker Groups Exploit SharePoint 0-Day Vulnerability in the Wild
Tags: cve, cyber, cybercrime, exploit, flaw, group, hacker, microsoft, remote-code-execution, threat, vulnerability, zero-dayMicrosoft has confirmed that a pair of zero-day vulnerabilities in on-premises SharePoint Server, collectively dubbed ToolShell, are under active exploitation by diverse threat actors ranging from opportunistic cybercriminals to sophisticated nation-state advanced persistent threat (APT) groups. ToolShell encompasses CVE-2025-53770, a critical remote code execution (RCE) flaw allowing unauthenticated attackers to execute arbitrary code on vulnerable…
-
AWS Client VPN for Windows Vulnerability Could Allow Privilege Escalation
Amazon Web Services has disclosed a critical security vulnerability in its Client VPN software for Windows that could allow non-administrative users to escalate their privileges to root-level access during the installation process. The vulnerability, tracked as CVE-2025-8069, affects multiple versions of the AWS Client VPN client and has been addressed in the latest software update.…
-
AWS Client VPN for Windows Vulnerability Could Allow Privilege Escalation
Amazon Web Services has disclosed a critical security vulnerability in its Client VPN software for Windows that could allow non-administrative users to escalate their privileges to root-level access during the installation process. The vulnerability, tracked as CVE-2025-8069, affects multiple versions of the AWS Client VPN client and has been addressed in the latest software update.…
-
SonicWall SMA 100 Vulnerabilities Allow Remote Execution of Arbitrary JavaScript
Cybersecurity vendor SonicWall issued a critical advisory highlighting three serious vulnerabilities affecting its Secure Mobile Access (SMA) 100 series appliances. Impacting SMA 210, SMA 410, and SMA 500v models running firmware version 10.2.1.15-81sv and earlier, the flaws could allow unauthenticated remote attackers to trigger denial-of-service conditions or execute arbitrary code and JavaScript. CVE ID Vulnerability…
-
CISA Alerts on Google Chromium Input Validation Flaw Actively Exploited
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, google, infrastructure, risk, threat, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a severe input validation vulnerability in Google Chromium that is currently being actively exploited by threat actors. The vulnerability, designated as CVE-2025-6558, poses significant risks to millions of users across multiple web browsers and has prompted urgent action from federal cybersecurity authorities.…
-
Sophos fixed two critical Sophos Firewall vulnerabilities
Sophos addressed five Sophos Firewall vulnerabilities that could allow remote attackers to execute arbitrary code. Sophos has fixed five vulnerabilities (CVE-2025-6704, CVE-2025-7624, CVE-2025-7382, CVE-2024-13974, CVE-2024-13973) in Sophos Firewall that could allow an attacker to remotely execute arbitrary code. >>Sophos has resolved five independent security vulnerabilities in Sophos Firewall. Every Critical and High severity vulnerability was…
-
Microsoft SharePoint On-Premise Vulnerability (CVE-2025-53770) Under Active Exploitation
Summary A critical zero-day vulnerability (now assigned CVE-2025-53770) has been identified in Microsoft SharePoint Server, affecting multiple on-premises versions. The flaw allows unauthenticated remote code First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2025/07/23/microsoft-sharepoint-on-premise-vulnerability-cve-2025-53770-under-active-exploitation/
-
Handlungsempfehlungen und Indicators of Compromise zur Sharepoint-Sicherheitslücke Toolshell von Bitdefender
Die Experten von Bitdefender bestätigen, dass Hacker aktiv die Remote-Code-Execution-(RCE) Schwachstelle , CVE-2025-53770, ausnutzen. Die Sicherheitsexperten beobachteten Angriffe in zahlreichen Ländern darunter in Deutschland, Schweiz und Österreich sowie in den Niederlanden, den Vereinigten Staaten, Kanada, Mexiko, Südafrika und Jordanien. Bitdefender hat in einer ersten technischen Analyse Anzeichen für diese Attacken IoCs (Indicators of […] First…
-
Cisco confirms active exploitation of ISE and ISE-PIC flaws
Cisco warns of active exploits targeting Identity Services Engine (ISE) and ISE-PIC flaws, first observed in July 2025. Cisco confirmed attempted exploitation in the wild of recently disclosed ISE and ISE-PIC flaws (CVE-2025-20281, CVE-2025-20282, CVE-2025-20337), updating its advisory after detecting attacks in July 2025. >>Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE…
-
SharePoint under fire: new ToolShell attacks target enterprises
While SentinelOne did not attribute the attack to a specific threat actor, The Washington Post linked it to China-nexus acors. On July 19, Microsoft confirmed active exploitation of a zero-day vulnerability, tracked as CVE-2025-53770 in on-prem SharePoint Servers. The IT giant issued emergency patches for SharePoint Subscription Edition and 2019, with 2016 updates pending. Microsoft…
-
CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks
Tags: attack, china, cisa, cve, cybersecurity, exploit, flaw, hacker, infrastructure, kev, microsoft, update, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.To that end, Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by July 23, 2025.”CISA is First seen on…
-
CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF
Tags: access, attack, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, software, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting SysAid IT support software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities in question are listed below -CVE-2025-2775 (CVSS score: 9.3) – An improper restriction of XML external entity (XXE) reference vulnerability in the First seen…
-
Apache Jena Vulnerability Allows Arbitrary File Access
Critical security vulnerabilities in Apache Jena have been disclosed that enable administrators to access and create files outside designated server directories, potentially compromising system security. Two distinct CVEs were published on July 21, 2025, affecting all versions of Apache Jena through 5.4.0, with administrators urged to upgrade to version 5.5.0 immediately to mitigate these risks.…
-
New Scanner Launched to Detect CVE-2025-53770 in SharePoint Servers
A cybersecurity researcher has released a new open-source scanner designed to detect a critical vulnerability affecting Microsoft SharePoint servers, providing organizations with a crucial tool to assess their security posture against the recently disclosed CVE-2025-53770 flaw. Rapid Response to Critical SharePoint Vulnerability Belgian cybersecurity freelancer Niels Hofmans, known by the GitHub handle >>hazcod,
-
Cisco Alerts on ISE RCE Vulnerability Actively Exploited
Cisco has issued an urgent security advisory warning that a set of critical remote code execution (RCE) vulnerabilities affecting its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC) products are being actively exploited in the wild. The flaws, tracked as CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337, carry the highest possible severity rating, with a CVSS base…
-
CrushFTP zero-day actively exploited at least since July 18
Hackers exploit CrushFTP zero-day, tracked as CVE-2025-54309, to gain admin access via HTTPS when DMZ proxy is off. Threat actors are exploiting a zero-day vulnerability, tracked as CVE-2025-54309 (CVSS score of 9.0), in the managed file transfer software CrushFTP to gain administrative privileges on vulnerable servers via HTTPS. CrushFTP warned of a zero-day that has…
-
wolfSSL Security Update Addresses Apple Trust Store Bypass
wolfSSL has released version 5.8.2 to address several critical security vulnerabilities, with the most significant being a high-severity Apple trust store bypass flaw that could allow malicious actors to circumvent certificate verification processes on Apple platforms. Critical Apple Platform Vulnerability The most serious vulnerability, designated CVE-2025-7395, affects users of wolfSSL versions after 5.7.6 and before…
-
Ivanti Flaws Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks
Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure (ICS) appliances.According to a report published by JPCERT/CC today, the threat actors behind the exploitation of CVE-2025-0282 and CVE-2025-22457 in intrusions observed between December 2024 and July First…
-
Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices
Hardcoded credentials in HPE Aruba Instant On Wi-Fi devices, let attackers to bypass authentication and access the web interface. HPE disclosed hardcoded credentials in Aruba Instant On Wi-Fi devices that allow attackers to bypass login and access the web interface. The flaw tracked as CVE-2025-37103 (CVSS score of 9.8) impacts devices running firmware version 3.2.0.1…
-
Kubernetes Image Builder Vulnerability Grants Root Access to Windows Nodes
A critical vulnerability in the Kubernetes Image Builder has been disclosed that allows attackers to gain root access on Windows nodes by exploiting default credentials embedded in virtual machine images. Tracked as CVE-2025-7342, the flaw affects images built with the Nutanix or OVA providers in Kubernetes Image Builder versions v0.1.44 and earlier. CVE Identifier Description…
-
ToolShell: Details of CVEs Affecting SharePoint Servers
Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal vulnerabilities affecting SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/toolshell-affecting-sharepoint-servers/
-
Researchers Release PoC Exploit for High-Severity NVIDIA AI Toolkit Bug
Wiz Research has disclosed a severe vulnerability in the NVIDIA Container Toolkit (NCT), dubbed #NVIDIAScape and tracked as CVE-2025-23266 with a CVSS score of 9.0, enabling malicious containers to escape isolation and gain root access on host systems. This flaw, stemming from a misconfiguration in OCI hook handling, affects NCT versions up to 1.17.7 (in…
-
Microsoft Rushes Emergency Patch for Actively Exploited SharePoint ‘ToolShell’ Bug
Malicious actors already have already pounced on the zero-day vulnerability, tracked as CVE-2025-53770, to compromise US government agencies and other businesses in ongoing and widespread attacks. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/microsoft-rushes-emergency-fix-exploited-sharepoint-toolshell-flaw
-
U.S. CISA urges to immediately patch Microsoft SharePoint flaw adding it to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, update, vulnerability, zero-dayU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft SharePoint flaw, tracked as CVE-2025-53770 (“ToolShell”) (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft released emergency SharePoint updates for two zero-day flaws, tracked as CVE-2025-53770 and CVE-2025-53771,…
-
New CrushFTP Critical Vulnerability Exploited in the Wild
CVE-2025-54309 could allow remote attackers to obtain admin access via HTTPS First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/crushftp-critical-vulnerability/
-
Nur Priorisieren reicht beim Schwachstellenmanagement nicht aus
Die meisten Sicherheitsteams werden mit Schwachstellenwarnungen überschwemmt. Jeder Tag bringt scheinbar eine neue Welle von CVEs mit sich, die viel Aufmerksamkeit erfordern oder als ‘kritisch” gekennzeichnet sind. Aber nicht alle Schwachstellen sind gleich und nicht alle müssen behoben werden. Viele Anbieter haben sich stark auf die Priorisierung von Schwachstellen konzentriert, um Teams dabei zu helfen, wichtige Signale…
-
Microsoft issues emergency patches for SharePoint zero-days exploited in >>ToolShell<< attacks
Microsoft patched an exploited SharePoint flaw (CVE-2025-53770) and disclosed a new one, warning of ongoing attacks on on-prem servers. Microsoft released emergency SharePoint updates for two zero-day flaws, tracked as CVE-2025-53770 and CVE-2025-53771, exploited since July 18 in attacks dubbed >>ToolShell.