Tag: cve
-
Windows Task Scheduler Flaw Allows Attackers to Escalate Privileges
A critical elevation of privilege vulnerability has been identified in the Windows Task Scheduler service, tracked as CVE-2025-33067. Officially published on June 10, 2025, by Microsoft as the assigning CNA (CVE Numbering Authority), this flaw allows attackers to potentially gain elevated privileges on affected systems, bypassing normal user restrictions and compromising the integrity of the…
-
Windows Common Log File System Driver Flaw Allows Attackers to Escalate Privileges
Microsoft addressed a critical security flaw (CVE-2025-32713) in the Windows Common Log File System (CLFS) driver during its June 2025 Patch Tuesday. The heap-based buffer overflow vulnerability enables local attackers to escalate privileges to SYSTEM-level access, posing significant risks to enterprise environments. Anatomy of CVE-2025-32713 The vulnerability stems from improper memory handling in the CLFS…
-
Multiple Microsoft Office Vulnerabilities Enable Remote Code Execution by Attackers
Microsoft has disclosed four critical remote code execution (RCE) vulnerabilities in its Office suite as part of the June 2025 Patch Tuesday updates, posing significant risks to organizations and individuals who depend on the widely used productivity software. The vulnerabilities, tracked as CVE-2025-47162, CVE-2025-47953, CVE-2025-47164, and CVE-2025-47167, each received a CVSS v3.1 base score of…
-
Over 80,000 servers hit as Roundcube RCE bug gets rapidly exploited
A critical remote code execution (RCE) vulnerability in Roundcube was exploited days after patch, impacting over 80,000 servers. Threat actors exploited a critical remote code execution (RCE) flaw in Roundcube, tracked as CVE-2025-49113, just days after the patch was released, targeting over 80,000 servers. Roundcube is a popular webmail platform and has been repeatedly targeted…
-
Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053)
For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including a zero-day exploited in the wild (CVE-2025-33053). Also, Adobe Commerce and Magento Open Source users … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/11/microsoft-fixes-zero-day-exploited-for-cyber-espionage-cve-2025-33053/
-
Windows network vulnerability CVE-2025-33073 (Reflective Kerberos Relay Attack)
As of June 10, 2025, Microsoft has also patched the vulnerability CVE-2025-33073 with its security updates for Windows. It is a vulnerability in the Kerberos network protocol that was discovered in January 2025 by RedTeam Pentesting. Below I set out some information on the vulnerability … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/06/11/windows-netzwerkschwachstelle-cve-2025-33073-reflective-kerberos-relay-attack/
-
Mirai botnet weaponizes PoC to exploit Wazuh open-source XDR flaw
Two Mirai variants integrate the exploit: The first botnet exploiting CVE-2025-24016 was detected by Akamai in March and used a proof-of-concept (PoC) exploit that was published for the vulnerability in late February. That exploit targets the /security/user/authenticate/run_as API endpoint. The second botnet was detected in early May and targeted the /Wazuh endpoint, but the exploit payload…
-
Two Mirai Botnets, Lzrd and Resgod Spotted Exploiting Wazuh Flaw
Akamai’s latest report reveals two Mirai botnets exploiting the critical CVE-2025-24016 flaw in Wazuh. Learn about these fast-spreading IoT threats and urgent patching advice. First seen on hackread.com Jump to article: hackread.com/two-mirai-botnets-lzrd-resgod-exploiting-wazuh-flaw/
-
New Secure Boot flaw lets attackers install bootkit malware, patch now
Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-secure-boot-flaw-lets-attackers-install-bootkit-malware-patch-now/
-
Microsoft Windows WebDAV 0-Day RCE Vulnerability Actively Exploited in The Wild
A critical zero-day vulnerability in Microsoft Windows, designated CVE-2025-33053, has been actively exploited by the advanced persistent threat (APT) group Stealth Falcon. The flaw, enabling remote code execution (RCE) through manipulation of a system’s working directory, was addressed by Microsoft in its June 2025 Patch Tuesday updates following CPR’s responsible disclosure. Below is a technical…
-
SAP June 2025 Security Patch Day fixed critical NetWeaver bug
SAP fixed a critical NetWeaver flaw that let attackers bypass authorization and escalate privileges. Patch released in June 2025 Security Patch. SAP June 2025 Security Patch addressed a critical NetWeaver vulnerability, tracked as CVE-2025-42989 (CVSS score of 9.6), allowing threat actors to bypass authorization checks and escalate their privileges. >>RFC inbound processing does not perform…
-
Ivanti Workspace Control Vulnerability Lets Attackers Remotely Exploit To Steal the Credential
Ivanti has released a critical security update for its Workspace Control software, patching three high-severity vulnerabilities that could allow attackers to compromise sensitive credentials. The vulnerabilities, identified as CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455, affect versions of Ivanti Workspace Control prior to 10.19.10.0. CVE Number Description CVSS Score (Severity) CVE-2025-5353 A hardcoded key in Ivanti Workspace Control…
-
U.S. CISA adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: The CVE-2025-32433 flaw is a…
-
New Research on Salesforce Industry Clouds: 0-days, Insecure Defaults, and Exploitable Misconfigurations
AppOmni’s latest research reveals 20+ OmniStudio security flaws, including 5 CVEs affecting Salesforce industry clouds. Learn how misconfigurations expose sensitive data and how to secure your org. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/new-research-on-salesforce-industry-clouds-0-days-insecure-defaults-and-exploitable-misconfigurations/
-
June 2025 Patch Day set to close vulnerability CVE-2025-33073 in Windows
On July 11, 2025, Microsoft will hold its regular Patch Day and release security updates for Windows. Administrators in enterprises should install the security updates promptly this time, since a vulnerability, CVE-2025-33073, in Windows is to be closed. Toward the weekend, a piece of information already went … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/06/10/juni-2025-patchday-soll-schwachstelle-cve-2025-33073-in-windows-schliessen/
-
Mirai botnets exploit Wazuh RCE, Akamai warned
Tags: botnet, compliance, cve, data, detection, exploit, flaw, open-source, rce, remote-code-execution, threat, vulnerability
Mirai botnets are exploiting CVE-2025-24016, a critical remote code execution flaw in Wazuh servers, Akamai warned. Akamai researchers warn that multiple Mirai botnets exploit the critical remote code execution vulnerability CVE-2025-24016 (CVSS score of 9.9) affecting Wazuh servers. Wazuh is an open-source security platform used for threat detection, intrusion detection, log data analysis, and compliance…
-
CISA Issues Alert on Erlang/OTP SSH Server RCE Vulnerability Under Active Exploitation
Tags: cisa, cve, cyber, cybersecurity, exploit, infrastructure, kev, rce, remote-code-execution, risk, vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical vulnerability in Erlang/OTP SSH server implementations that allows attackers to execute arbitrary commands without authentication. The vulnerability, designated as CVE-2025-32433, has been added to CISA Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild and posing significant risks…
-
Exploitation of Critical Wazuh Server RCE Vulnerability Leads to Mirai Variant Deployment
The Akamai Security Intelligence and Response Team (SIRT) has uncovered active exploitation of a critical remote code execution (RCE) vulnerability in Wazuh servers, identified as CVE-2025-24016 with a CVSS score of 9.9. Disclosed in February 2025, this vulnerability affects Wazuh versions 4.4.0 through 4.9.0 and stems from unsafe deserialization in the Distributed API (DAPI) requests,…
-
Over 84,000 Roundcube Webmail Installations Exposed to Remote Code Vulnerabilities
Security researchers have identified a critical vulnerability in Roundcube Webmail that affects over 84,000 unpatched installations worldwide, according to data from The Shadowserver Foundation. The vulnerability, designated CVE-2025-49113, enables authenticated attackers to execute arbitrary code remotely and has already been exploited in targeted attacks potentially conducted by state actors. The vulnerability affects all Roundcube versions…
-
ManageEngine Exchange Reporter Plus Vulnerability Enables Remote Code Execution
A critical security vulnerability has been discovered in ManageEngine Exchange Reporter Plus, a popular email monitoring and reporting solution, that could allow attackers to execute arbitrary commands on target servers. The vulnerability, assigned CVE-2025-3835, affects all builds up to version 5721 and has been addressed in the emergency security update released on May 29, 2025.…
-
CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-32433 (CVSS score: 10.0) – A missing authentication for a critical First seen…
-
Over 84,000 Roundcube instances vulnerable to actively exploited flaw
Over 84,000 instances of the Roundcube webmail software are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) vulnerability with a publicly available exploit. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-84-000-roundcube-instances-vulnerable-to-actively-exploited-flaw/
-
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
A now-patched critical security flaw in the Wazuh Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct distributed denial-of-service (DDoS) attacks. Akamai, which first discovered the exploitation efforts in late March 2025, said the malicious campaign targets CVE-2025-24016 (CVSS score: 9.9), an unsafe deserialization vulnerability that…
-
Jenkins Gatling Plugin Flaw Allows CSP Bypass, Exposing Systems to Attack
On June 6, 2025, the Jenkins Project issued a security advisory (SECURITY-3588 / CVE-2025-5806) affecting the Gatling Plugin, a widely used tool for displaying performance test reports within the Jenkins automation server. The vulnerability carries a high severity rating, with CVSS base scores ranging from 8.0 to 9.0 across different versions, indicating a significant risk…
-
New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721
A new variant of the Mirai botnet exploits CVE-2024-3721 to target DVR systems, using a new infection method. Researchers from Russian cybersecurity firm Kaspersky discovered a new variant of the Mirai botnet that exploits a command injection vulnerability (CVE-2024-3721) in TBK DVR-4104 and DVR-4216 digital video recording devices. During a review of the logs in…
-
Attackers exploit Fortinet flaws to deploy Qilin ransomware
Tags: cve, exploit, flaw, fortinet, group, intelligence, ransomware, remote-code-execution, threat, vulnerability
Qilin ransomware now exploits Fortinet vulnerabilities to achieve remote code execution on impacted devices. Threat intelligence firm PRODAFT warned that Qilin ransomware (aka Phantom Mantis) group targeted multiple organizations between May and June 2025 by exploiting multiple FortiGate vulnerabilities, including CVE-2024-21762, and CVE-2024-55591. >>Phantom Mantis recently launched a coordinated intrusion campaign targeting multiple organizations between…

