Tag: cve
-
Microsoft Fixes Wormable Remote Code Execution Flaw in Windows and Server
Tags: cve, cyber, flaw, malicious, microsoft, network, remote-code-execution, update, vulnerability, windowsMicrosoft has released critical security updates addressing a severe remote code execution vulnerability that could allow attackers to execute malicious code across networks without user interaction. The vulnerability, tracked as CVE-2025-47981, affects Windows client machines running Windows 10 version 1607 and above, potentially exposing millions of systems to cyberattacks. Critical Security Vulnerability Details TheSPNEGO Extended…
-
Microsoft Patches 137 CVEs in July, but No Zero-Days
Some 17 of the bugs are at high risk for exploits, including multiple remote code execution bugs in Office and SharePoint. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-patches-137-cves-no-zero-days
-
Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server
For the first time in 2025, Microsoft’s Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but the company acknowledged one of the addressed flaws had been publicly known.The patches resolve a whopping 130 vulnerabilities, along with 10 other non-Microsoft CVEs that affect Visual Studio, AMD, and its Chromium-based Edge browser. Of these…
-
Microsoft Patch Tuesday: One Zero-Day and A Potential ‘Wormable’ Flaw
CVE-2025-47981 has the “unfortunate hallmarks of becoming a significant problem,” said WatchTowr’s CEO First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-patch-tuesday-july-2025/
-
July Patch Tuesday: 14 critical Microsoft vulnerabilities, one SAP hole rated at 10 in severity
Tags: access, attack, authentication, business, citrix, computer, control, credentials, cve, cvss, data, email, espionage, exploit, grc, microsoft, monitoring, network, ransomware, remote-code-execution, risk, sap, service, threat, update, vulnerability, windowsNetwork security: Allow PKU2U authentication requests to this computer to use online identities“.Tyler Reguly, Fortra’s associate director of security R&D, told CSO that, based on Microsoft’s presentation of the information, disabling this GPO will mitigate this vulnerability.The second priority is a fix for CVE-2025-49704, a SharePoint Remote Code Execution vulnerability, because it presents a critical risk to a…
-
Microsoft Patches ‘Wormable’ Critical Flaw, Discloses ‘Whopping’ Number Of Bug Fixes
The 130 CVEs (Common Vulnerabilities and Exposures) disclosed in Microsoft’s monthly release of security fixes includes a remote code execution flaw that ‘definitely’ should be prioritized for patching, writes Trend Micro’s Dustin Childs. First seen on crn.com Jump to article: www.crn.com/news/security/2025/microsoft-patches-wormable-critical-flaw-discloses-whopping-number-of-bug-fixes
-
Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777)
With PoC exploits for CVE-2025-5777 (aka CitrixBleed 2) now public and reports of active exploitation of the flaw since mid-June, you should check whether your Citrix … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/08/cve-2025-5777-indicators-of-compromise/
-
CISA Alerts on Active Exploit of Ruby on Rails Path Traversal Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical path traversal vulnerability in Ruby on Rails, designated as CVE-2019-5418. The agency added this five-year-old security flaw to its Known Exploited Vulnerabilities (KEV) catalog on July 7, 2025, signaling that threat actors are actively leveraging this…
-
PoC Exploits Released for CitrixBleed2: 127 Bytes Exfiltrated Per Request
Security researchers have released proof-of-concept exploits forCVE-2025-5777, a critical vulnerability in Citrix NetScaler ADC and Gateway devices dubbed >>CitrixBleed2.
-
How a 12-year-old bug in Sudo is still haunting Linux users
Sudo is trusting the wrong host: CVE-2025-32462, which remained unnoticed for over 12 years, requires a specific, but common configuration of restricting Sudo rules to certain hostnames or hostname patterns.According to the researchers, the sudoers file uses flexible syntax to suit any organization size, allowing a single configuration to work across Linux and UNIX systems…
-
RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks
Cybersecurity researchers are calling attention to a malware campaign that’s targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new botnet called RondoDox.The vulnerabilities in question include CVE-2024-3721, a medium-severity command injection vulnerability affecting TBK DVR-4104 and DVR-4216 DVRs, and CVE-2024-12856, an operating First seen on…
-
RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks
Cybersecurity researchers are calling attention to a malware campaign that’s targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new botnet called RondoDox.The vulnerabilities in question include CVE-2024-3721, a medium-severity command injection vulnerability affecting TBK DVR-4104 and DVR-4216 DVRs, and CVE-2024-12856, an operating First seen on…
-
DNN Vulnerability Exposes NTLM Credentials via Unicode Normalization Bypass
Security researchers have discovered a critical vulnerability in DNN (formerly DotNetNuke), one of the oldest open-source content management systems, that allows attackers to steal NTLM credentials through a sophisticated Unicode normalization bypass technique. The vulnerability, tracked as CVE-2025-52488, affects the widely-used enterprise CMS platform and demonstrates how defensive coding measures can be circumvented through carefully…
-
CISA Issues Alert Over Actively Exploited Flaw in Zimbra Collaboration Suite
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding an actively exploited vulnerability in Synacor’s Zimbra Collaboration Suite (ZCS), urging organizations to take immediate action to mitigate the threat. The flaw, tracked as CVE-2019-9621, is a server-side request forgery (SSRF) vulnerability that resides in the ProxyServlet component of ZCS and has…
-
CISA Issues Alert Over Actively Exploited Flaw in Zimbra Collaboration Suite
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding an actively exploited vulnerability in Synacor’s Zimbra Collaboration Suite (ZCS), urging organizations to take immediate action to mitigate the threat. The flaw, tracked as CVE-2019-9621, is a server-side request forgery (SSRF) vulnerability that resides in the ProxyServlet component of ZCS and has…
-
Sicherheit ist mehr als nur ein Wert Bewertungen unter die Lupe genommen
Tags: cveFirst seen on security-insider.de Jump to article: www.security-insider.de/management-software-lieferketten-schwachstellen-a-9a6f5ade22ebc6b05a081febf61bb864/
-
CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The list of flaws is as follows -CVE-2014-3931 (CVSS score: 9.8) – A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to…
-
Public exploits released for Citrix Bleed 2 NetScaler flaw, patch now
Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/public-exploits-released-for-citrixbleed-2-netscaler-flaw-patch-now/
-
Discovery of compromised Shellter security tool raises disclosure debate
ensure that any testing is legal and authorized;respect the privacy of others;make reasonable efforts to contact the security team of the organization;provide sufficient details to allow the vulnerabilities to be verified and reproduced;not demand payment or rewards for reporting vulnerabilities outside of an established bug bounty program.Organizations shouldprovide a clear method for researchers to securely…
-
Public exploits released for CitrixBleed 2 NetScaler flaw, patch now
Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/public-exploits-released-for-citrixbleed-2-netscaler-flaw-patch-now/
-
Comodo Internet Security 2025 Flaws Allow Remote Code Execution With SYSTEM Privileges
Security researchers have uncovered a series of critical vulnerabilities in Comodo Internet Security 2025, exposing users to remote code execution (RCE) attacks that could grant threat actors SYSTEM-level privileges. These flaws affect Comodo Internet Security Premium version 12.3.4.8162 and potentially other recent releases, putting both individual and enterprise users at risk. CVE ID Vulnerability Type…
-
U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog
Tags: browser, chrome, cisa, cve, cybersecurity, exploit, flaw, google, infrastructure, kev, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Chromium V8 vulnerability, tracked as CVE-2025-6554, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, Google released security patches to address the Chrome vulnerability CVE-2025-6554 for which an exploit is…
-
Next.js Vulnerability Allows Attackers to Trigger DoS via Cache Poisoning
A critical vulnerability, tracked asCVE-2025-49826, has been discovered and addressed in the popular React-based web framework, Next.js. The flaw, present in versions >=15.1.0 and <15.1.8, allowed attackers to exploit a cache poisoning bug, potentially leading to a Denial of Service (DoS) condition for affected applications, as per a report by Vercel. CVE ID Affected Versions Severity…
-
Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros
Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines.A brief description of the vulnerabilities is below -CVE-2025-32462 (CVSS score: 2.8) – Sudo before 1.9.17p1, when used with a sudoers file that specifies…
-
Multiple PHP Vulnerabilities Enables SQLi and DoS Attacks Update Now
Security researchers have disclosed two significant vulnerabilities in PHP, the popular server-side scripting language, that could allow attackers to launch SQL injection (SQLi) and Denial of Service (DoS) attacks. According to the report, Administrators and developers are urged to update their PHP installations immediately to mitigate these risks. CVE ID Component Severity Affected Versions Patched…
-
Apache Tomcat and Camel Vulnerabilities Actively Targeted in Cyberattacks
The Apache Foundation disclosed several critical vulnerabilities affecting two of its widely used software platforms, Apache Tomcat and Apache Camel, sparking immediate concern among cybersecurity experts and organizations worldwide. Apache Tomcat, a popular platform for running Java-based web applications, was found to have a severe flaw identified as CVE-2025-24813. This vulnerability, impacting versions 9.0.0.M1 to…
-
CVE Program Launches Two New Forums to Enhance CVE Utilization
The CVE Board has launched a Consumer Working Group and a Researcher Working Group, allowing new stakeholders to shape the future of the CVE Program First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cve-program-new-user-researcher/
-
Microsoft Edge Fixes Actively Exploited Chromium Flaw, Update Immediately
Microsoft has released a critical security update for its Edge browser, addressing a high-severity vulnerability in the Chromium engine that is currently being exploited in the wild. The update, available in Microsoft Edge Stable Channel Version 138.0.3351.65, patches CVE-2025-6554″, a flaw that security experts urge all users to remediate without delay. CVE-2025-6554 is a type…
-
12-Year-Old Sudo Vulnerability Exposes Linux Systems to Root Privilege Escalation
A newly disclosed vulnerability in the Sudo command-line tool, present for over 12 years, has exposed countless Linux and Unix-like systems to the risk of local privilege escalation, allowing attackers to gain root access without sophisticated exploits. The flaw, tracked as CVE-2025-32462, was discovered by the Stratascale Cyber Research Unit (CRU) and affects both stable…