Tag: cve
-
Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks
A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe, North America, and the Asia-Pacific region.The vulnerabilities, tracked as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), could be chained to execute arbitrary…
-
UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware
Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/uat-6382-exploits-cityworks-vulnerability/
-
Attackers Exploit BIND DNS Server Vulnerability to Crash Servers Using Malicious Packets
The vulnerability in BIND DNS server software allowed attackers to crash DNS servers by sending specifically crafted malicious packets. This flaw, identified as CVE-2023-5517, could cause named (the BIND DNS server process) to terminate unexpectedly with an assertion failure when specific queries were processed with certain features enabled. The vulnerability, disclosed in BIND 9.18.24 release…
-
Ergänzung oder Alternative zur CVE-Datenbank? – Neue EU-Datenbank für Sicherheitslücken geht an den Start
Tags: cveFirst seen on security-insider.de Jump to article: www.security-insider.de/eu-startet-eigene-sicherheitsluecken-datenbank-euvd-vs-cve-a-33ae6052fffd0d493f2c42f70c7969cc/
-
PowerDNS Vulnerability Allows Attackers to Trigger DoS Attacks Through Malicious TCP Connections
PowerDNS has released a critical security update to address a vulnerability in its DNSdist load balancer that could allow remote attackers to trigger denial of service attacks without authentication. The issue, tracked as CVE-2025-30193, was patched in version 1.9.10 released on May 20, 2025. Security researchers warn that organizations using DNSdist should apply this update…
-
A critical flaw in OpenPGP.js lets attackers spoof message signatures
A critical flaw in OpenPGP.js, tracked as CVE-2025-47934, lets attackers spoof message signatures; updates have been released to address the flaw. A critical vulnerability, tracked as CVE-2025-47934, in OpenPGP.js allowed spoofing of message signature verification. OpenPGP.js is an open-source JavaScript library that implements the OpenPGP standard for email and data encryption. It allows developers to…
-
Ivanti EPMM Bugs Combine for Unauthenticated RCE in the Wild
Summary On March 13, Ivanti disclosed two vulnerabilities which a ect their on-premise Endpoint Manager Mobile product: CVE-2025-4427 (an authentication bypass) and CVE-2025-4428 (an authenticated First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2025/05/21/ivanti-epmm-bugs-combine-for-unauthenticated-rce-in-the-wild/
-
Millions of Node.js Apps at Risk Due to Critical Multer Vulnerabilities
Two high-severity security flaws have been identified in Multer, a popular middleware used in Node.js applications for handling file uploads. The Multer vulnerabilities, tracked as CVE-2025-47944 and CVE-2025-47935, affect all versions from 1.4.4-lts.1 up to but not including 2.0.0. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/multer-vulnerabilities-expose-node-js/
-
Critical VMware ESXi vCenter Flaw Allows Remote Execution of Arbitrary Commands
VMware by Broadcom has released critical security updates to address multiple severe vulnerabilities affecting its virtualization products, with evidence suggesting active exploitation in the wild. The vulnerabilities, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, affect VMware ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform products. With CVSS scores ranging from 7.1 to 9.3, these flaws…
-
Schwachstelle CVE-2025-0411 in 7-ZIP ermöglicht MoW-Bypass
Ich hole mal ein Thema hoch, was Nutzer des Archivprogramms 7-ZIP betrifft. Seit Januar 2025 ist die Schwachstelle CVE-2025-0411 in 7-ZIP bekannt. Diese ermöglicht einem Remote-Angreifer unter Windows die Mark of the Web-Kennung als Schutzfunktion zu umgehen und wird in … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/21/schwachstelle-cve-2025-0411-in-7-zip-ermoeglicht-mow-bypass/
-
CISA Includes MDaemon Email Server XSS Flaw in KEV Catalog
Tags: cisa, cve, cyber, cybersecurity, email, exploit, flaw, infrastructure, kev, malicious, vulnerability, xssCybersecurity and Infrastructure Security Agency (CISA) has added a cross-site scripting (XSS) vulnerability affecting MDaemon Email Server to its Known Exploited Vulnerabilities (KEV) Catalog on May 19, 2025. This critical addition, identified as CVE-2024-11182, highlights a security flaw that allows attackers to inject malicious JavaScript code via crafted HTML emails. Federal agencies now have until…
-
Security Flaw in WordPress Plugin Puts 22,000 Websites at Risk of Cyber Attacks
Critical security vulnerability has been discovered in Motors, a popular WordPress theme with over 22,000 sales, potentially exposing thousands of websites to complete takeover. Security researchers at Wordfence identified an unauthenticated privilege escalation vulnerability that allows attackers to change passwords of any user, including administrators, without requiring prior authentication. The vulnerability, identified as CVE-2025-4322 with…
-
Qilin Exploits SAP Zero-Day Vulnerability Weeks Ahead of Public Disclosure
Tags: authentication, control, cve, cyber, cybersecurity, endpoint, exploit, flaw, malicious, sap, vulnerability, zero-dayCybersecurity experts at OP Innovate have uncovered evidence that CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver Visual Composer, was actively exploited nearly three weeks before its public disclosure. This flaw, residing in the /developmentserver/metadatauploader endpoint, lacks proper authentication and authorization controls, enabling unauthenticated attackers to upload malicious files like web shells, leading to potential…
-
Windows 11 Privilege Escalation Vulnerability Let Attackers Gain Admin Access in Under 300 Milliseconds
Security researchers have uncovered a critical vulnerability in Windows 11 that allowed attackers to escalate privileges from a standard user to system-level administrator in just 300 milliseconds. The flaw, tracked as CVE-2025-24076, has been patched by Microsoft but represents a significant security risk for unpatched systems. The vulnerability leveraged a Dynamic-link Library (DLL) hijacking technique…
-
CISA Adds Actively Exploited Ivanti EPMM Zero-Day to KEV Catalog
Tags: authentication, cisa, cve, cyber, cybersecurity, endpoint, exploit, flaw, infrastructure, ivanti, kev, mobile, open-source, remote-code-execution, vulnerability, zero-dayCybersecurity and Infrastructure Security Agency (CISA) has added two critical zero-day vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The flaws CVE-2025-4427 and CVE-2025-4428 enable authentication bypass and remote code execution, respectively, and stem from insecure implementations of widely used open-source…
-
Ethical hackers exploited zero-day vulnerabilities against popular OS, browsers, VMs and AI frameworks
Virtual machine and container escapes: Virtualization sits at the core of public cloud infrastructure and private data centers, allowing companies to run their workloads and applications inside isolated containers or virtual servers. Any flaw that allows escaping from the confines of a virtual machine or a Linux container poses a risk not only to the…
-
Active Exploitation of Ivanti EPMM Zero-Day Vulnerability in the Wild
Tags: cve, cyber, exploit, ivanti, monitoring, remote-code-execution, threat, vulnerability, zero-daySecurity researchers at The Shadowserver Foundation have identified active exploitation attempts targeting a critical zero-day vulnerability in Ivanti’s Enterprise Mobility Management (EPMM) platform. The vulnerability, tracked as CVE-2025-4427, can be chained with CVE-2025-4428 to achieve remote code execution (RCE), posing a significant threat to unpatched systems. Recent monitoring shows a concerning number of vulnerable instances…
-
Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards
Mozilla has released security updates to address two critical security flaws in its Firefox browser that could be potentially exploited to access sensitive data or achieve code execution.The vulnerabilities, both of which were exploited as a zero-day at Pwn2Own Berlin, are listed below -CVE-2025-4918 – An out-of-bounds access vulnerability when resolving Promise objects that could…
-
Confluence Servers Under Attack: Hackers Leverage Vulnerability for RDP Access and Remote Code Execution
Tags: access, attack, breach, cve, cyber, data-breach, exploit, flaw, hacker, injection, network, remote-code-execution, threat, vulnerabilityThreat actors exploited a known vulnerability, CVE-2023-22527, a template injection flaw in Atlassian Confluence servers exposed to the internet. This exploit facilitated remote code execution (RCE), enabling attackers to gain initial access and establish a foothold within targeted networks. The breach, first detected through network traffic from IP address 45.227.254.124 running a >>whoami
-
Critical Firefox 0-Day Flaws Allow Remote Code Execution
Mozilla has urgently patched two critical 0-day vulnerabilities in its popular web browser Firefox, both of which could allow remote attackers to execute malicious code on user systems. The flaws, tracked as CVE-2025-4918 and CVE-2025-4919, were disclosed on May 17, 2025, and are addressed in Firefox version 138.0.4. Security experts are strongly advising all users…
-
Thousands of WordPress Sites at Risk Due to Critical Crawlomatic Plugin Vulnerability
A severe security vulnerability has been discovered in the popular WordPress plugin, Crawlomatic Multisite Scraper Post Generator, potentially placing thousands of websites at risk. Tracked as CVE-2025-4389, the flaw allows unauthenticated attackers to upload malicious files, which could ultimately lead to remote code execution on affected websites. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/crawlomatic-plugin-hit-by-cve-2025-4389/
-
GNU C(glibc) Vulnerability Let Attackers Execute Arbitrary Code on Millions of Linux Systems
Security researchers have disclosed a significant vulnerability in the GNU C Library (glibc), potentially affecting millions of Linux systems worldwide. The flaw, identified as CVE-2025-4802, involves statically linked setuid binaries that incorrectly search library paths, potentially allowing attackers to execute malicious code with elevated privileges. While no exploitations have been reported in the wild, the…
-
Cyber! Take your dadgum Medicine!
Learn the Bitter Lesson Bitter Lesson, an essay by one of the creators of reinforcement learning, first published back in 2019, recently made the rounds again now that its author, Professor Richard Sutton, was named a winner of this year’s ACM Turing Award. In it, he points out that general methods have won, again and again,…
-
CVE Disruption Threatens Foundations of Defensive Security
If the Common Vulnerabilities and Exposures system continues to face uncertainty, the repercussions will build slowly, and eventually the cracks will become harder to contain. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/cve-disruption-threatens-foundations-defensive-security
-
Ivanti EPMM Hit by Two Actively Exploited 0day Vulnerabilities
Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) that enable pre-authenticated remote… First seen on hackread.com Jump to article: hackread.com/ivanti-epmm-actively-exploited-0day-vulnerabilities/
-
Google fixed a Chrome vulnerability that could lead to full account takeover
Google released emergency security updates to fix a Chrome vulnerability that could lead to full account takeover. Google released emergency security updates to address a Chrome browser vulnerability, tracked as CVE-2025-4664, that could lead to full account takeover. The security researcher Vsevolod Kokorin (@slonser_) discovered the vulnerability, which stems from an insufficient policy enforcement in…
-
European Vulnerability Database debuts amid CVE shakeup
First seen on scworld.com Jump to article: www.scworld.com/news/european-vulnerability-database-debuts-amid-cve-shakeup
-
Google patches Chrome vulnerability used for account takeover and MFA bypass
How could this be exploited?: OAuth provides a way of giving access to something without the need for a password. It’s useful in multiple scenarios, for example, in single sign-on (SSO). Users might also encounter it when giving a contact access to a file or document in a cloud service such as Microsoft 365 without…
-
Attackers Target Samsung MagicINFO Server Bug, Patch Now
CVE-2025-4632, a patch bypass for a Samsung MagicInfo 9 Server vulnerability disclosed last year, has been exploited by threat actors in the wild. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/attackers-target-samsung-magicinfo-server-bug