Tag: dos
-
SoundCloud Hit by Cyberattack, Breach Affects 20% of its Users
SoundCloud confirms a breach affecting an estimated 20% of users, resulting in stolen email addresses. The company is dealing with follow-up DoS attacks by unnamed attackers while media reports allege involvement of ShinyHunters. First seen on hackread.com Jump to article: hackread.com/soundcloud-cyberattack-data-breach/
-
NVIDIA Merlin Vulnerabilities Allows Malicious Code Execution and DoS Attacks
NVIDIA has released urgent security patches for its Merlin machine learning framework after discovering two high-severity deserialization vulnerabilities that could enable attackers to execute malicious code, trigger denial-of-service attacks, and compromise sensitive data on Linux systems. The security bulletin, published on December 9, 2025, identifies critical flaws in the NVTabular and Transformers4Rec components of NVIDIA…
-
High-Severity Jenkins Flaw Enables Unauthenticated DoS Through HTTP CLI
Jenkins has released a critical security advisory addressing a high-severity denial-of-service vulnerability affecting millions of organizations that rely on the popular automation server. The flaw, tracked as CVE-2025-67635, allows unauthenticated attackers to disrupt Jenkins instances by exploiting improper handling of corrupted HTTP-based CLI connections. Vulnerability Overview The vulnerability resides in Jenkins’ HTTP-based command-line interface, where…
-
Microsoft Patch Tuesday 2025 Year in Review
Tags: apt, attack, backdoor, cve, cyber, cybercrime, dos, exploit, flaw, malware, microsoft, ransomware, rce, remote-code-execution, service, software, threat, update, vulnerability, zero-dayMicrosoft addressed over 1,100 CVEs as part of Patch Tuesday releases in 2025, including 40 zero-day vulnerabilities. Key takeaways: Microsoft’s 2025 Patch Tuesday releases addressed 1,130 CVEs. This is the second year in a row where the CVE count was over 1,000. Elevation of Privilege vulnerabilities accounted for 38.3% of all Patch Tuesday vulnerabilities in…
-
Microsoft Patch Tuesday 2025 Year in Review
Tags: apt, attack, backdoor, cve, cyber, cybercrime, dos, exploit, flaw, malware, microsoft, ransomware, rce, remote-code-execution, service, software, threat, update, vulnerability, zero-dayMicrosoft addressed over 1,100 CVEs as part of Patch Tuesday releases in 2025, including 40 zero-day vulnerabilities. Key takeaways: Microsoft’s 2025 Patch Tuesday releases addressed 1,130 CVEs. This is the second year in a row where the CVE count was over 1,000. Elevation of Privilege vulnerabilities accounted for 38.3% of all Patch Tuesday vulnerabilities in…
-
Microsoft Patch Tuesday 2025 Year in Review
Tags: apt, attack, backdoor, cve, cyber, cybercrime, dos, exploit, flaw, malware, microsoft, ransomware, rce, remote-code-execution, service, software, threat, update, vulnerability, zero-dayMicrosoft addressed over 1,100 CVEs as part of Patch Tuesday releases in 2025, including 40 zero-day vulnerabilities. Key takeaways: Microsoft’s 2025 Patch Tuesday releases addressed 1,130 CVEs. This is the second year in a row where the CVE count was over 1,000. Elevation of Privilege vulnerabilities accounted for 38.3% of all Patch Tuesday vulnerabilities in…
-
OpenVPN Flaws Allow Hackers to Launch DoS Attacks and Bypass Security Checks
Security researchers have uncovered three significant vulnerabilities in OpenVPN, one of the world’s most trusted open-source virtual private network (VPN) solutions. The discovered flaws could allow attackers to crash VPN services, bypass essential security checks, or read sensitive memory data. The OpenVPN development team has released urgent updates to address these issues, and administrators are…
-
OpenVPN Flaws Allow Hackers to Launch DoS Attacks and Bypass Security Checks
Security researchers have uncovered three significant vulnerabilities in OpenVPN, one of the world’s most trusted open-source virtual private network (VPN) solutions. The discovered flaws could allow attackers to crash VPN services, bypass essential security checks, or read sensitive memory data. The OpenVPN development team has released urgent updates to address these issues, and administrators are…
-
Breach Roundup: Recently Patched Oracle Flaw Under Attack
Also: npm Packages Infiltrated, FBI Issues Fraud Alert, Campbell’s Soup Cans CISO. This week, a recently fixed Oracle flaw is being actively exploited, Shelly tackled Pro 4PM DoS bug, Shai-Hulud 2.0 hit npm, the FBI warned of rising bank account takeover scams, regulators fined Comcast over a vendor breach, Iberia reported a supplier incident and…
-
NVIDIA DGX Spark Flaws Allow Attackers to Run Malicious Code and Launch DoS Attacks
NVIDIA has released security updates to address fourteen critical vulnerabilities in its DGX Spark system. These flaws could allow attackers to execute malicious code, steal sensitive information, and launch denial-of-service attacks that crash the system. The vulnerabilities affect all versions of NVIDIA DGX OS before the latest OTA0 update. CVE ID Severity CVSS Score Potential…
-
NVIDIA DGX Spark Flaws Allow Attackers to Run Malicious Code and Launch DoS Attacks
NVIDIA has released security updates to address fourteen critical vulnerabilities in its DGX Spark system. These flaws could allow attackers to execute malicious code, steal sensitive information, and launch denial-of-service attacks that crash the system. The vulnerabilities affect all versions of NVIDIA DGX OS before the latest OTA0 update. CVE ID Severity CVSS Score Potential…
-
Data Security Rollouts Thrive on Momentum and Preparation
Protiviti’s Maio on the Do’s and Don’ts of Data. Organizations that struggle with data security rollouts aren’t burdened by financial constraints or poor tooling. But they often misjudge how much work goes into security planning, said Antonio Maio, managing director at global consulting firm Protiviti. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/data-security-rollouts-thrive-on-momentum-preparation-a-30096
-
Actively exploited firewall flaws now abused for DoS attacks
Cisco warned this week that two vulnerabilities, which have been exploited in zero-day attacks, are now being abused to force ASA and FTD firewalls into reboot loops. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-actively-exploited-firewall-flaws-now-abused-for-dos-attacks/
-
Actively exploited firewall flaws now abused for DoS attacks
Cisco warned this week that two vulnerabilities, which have been exploited in zero-day attacks, are now being abused to force ASA and FTD firewalls into reboot loops. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-actively-exploited-firewall-flaws-now-abused-for-dos-attacks/
-
Django Flaws Enable SQL Injection and DoS Attacks
New Django flaws expose sites to SQL injection and DoS attacks, underscoring the need for stronger security practices. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/news-django-vulnerability-sqli-dos-attacks/
-
Critical HashiCorp Vault Vulnerabilities Allow Authentication Bypass and DoS Attacks
HashiCorp has disclosed two critical vulnerabilities in Vault and Vault Enterprise that could enable attackers to bypass authentication mechanisms and launch denial-of-service attacks against infrastructure. The first vulnerability, identified under Bulletin ID HCSEC-2025-31, stems from a regression in how Vault processes JSON payloads. According to HashiCorp’s disclosure published on October 23, 2025, the vulnerability allows…
-
Critical HashiCorp Vault Vulnerabilities Allow Authentication Bypass and DoS Attacks
HashiCorp has disclosed two critical vulnerabilities in Vault and Vault Enterprise that could enable attackers to bypass authentication mechanisms and launch denial-of-service attacks against infrastructure. The first vulnerability, identified under Bulletin ID HCSEC-2025-31, stems from a regression in how Vault processes JSON payloads. According to HashiCorp’s disclosure published on October 23, 2025, the vulnerability allows…
-
BIND 9 Vulnerabilities Expose DNS Servers to Cache Poisoning and DoS
The Internet Systems Consortium (ISC) has disclosed three critical vulnerabilities in BIND 9, the most widely deployed DNS software globally. All three vulnerabilities were publicly disclosed on October 22, 2025, affecting DNS resolvers and potentially impacting millions of users worldwide. Organizations running affected BIND 9 versions should prioritize immediate patching to prevent exploitation. The three…
-
BIND 9 Vulnerabilities Expose DNS Servers to Cache Poisoning and DoS
The Internet Systems Consortium (ISC) has disclosed three critical vulnerabilities in BIND 9, the most widely deployed DNS software globally. All three vulnerabilities were publicly disclosed on October 22, 2025, affecting DNS resolvers and potentially impacting millions of users worldwide. Organizations running affected BIND 9 versions should prioritize immediate patching to prevent exploitation. The three…
-
Network security devices endanger orgs with ’90s era flaws
Tags: access, application-security, apt, authentication, breach, cisa, cisco, citrix, cloud, control, cve, cyber, cybersecurity, dos, email, endpoint, exploit, finance, firewall, firmware, flaw, government, group, incident response, infrastructure, injection, ivanti, jobs, linux, mitigation, mobile, network, open-source, penetration-testing, programming, regulation, remote-code-execution, reverse-engineering, risk, risk-management, router, service, software, threat, tool, vpn, vulnerability, zero-day2024 networking and security device zero-day flaws Product CVE Flaw type CVSS Check Point Quantum Security Gateways and CloudGuard Network Security CVE-2024-24919 Path traversal leading to information disclosure 8.6 (High) Cisco Adaptive Security Appliance CVE-2024-20359 Arbitrary code execution 6.6 (Medium) Cisco Adaptive Security Appliance CVE-2024-20353 Denial of service 8.6 (High) Cisco Adaptive Security Appliance …
-
Cisco Desk, IP, and Video Phones Vulnerable to Remote DoS and XSS Attacks
Multiple Cisco desk, IP, and video phones are at risk of remote denial-of-service (DoS) and cross-site scripting (XSS) attacks due to flaws in their Session Initiation Protocol (SIP) software. The weaknesses affect Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 models when they are registered to Cisco Unified Communications…
-
Cisco Desk, IP, and Video Phones Vulnerable to Remote DoS and XSS Attacks
Multiple Cisco desk, IP, and video phones are at risk of remote denial-of-service (DoS) and cross-site scripting (XSS) attacks due to flaws in their Session Initiation Protocol (SIP) software. The weaknesses affect Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 models when they are registered to Cisco Unified Communications…
-
GitLab Releases Security Update to Patch Multiple DoS-Enabling Vulnerabilities
GitLab has issued a critical security update to address several denial-of-service (DoS) vulnerabilities affecting both Community Edition (CE) and Enterprise Edition (EE). Self-managed installations should upgrade immediately to versions 18.4.2, 18.3.4, or 18.2.8. GitLab.com already runs the patched versions, and GitLab Dedicated customers are unaffected. The GitLab team delivers scheduled releases twice a month, on…
-
GitLab Releases Security Update to Patch Multiple DoS-Enabling Vulnerabilities
GitLab has issued a critical security update to address several denial-of-service (DoS) vulnerabilities affecting both Community Edition (CE) and Enterprise Edition (EE). Self-managed installations should upgrade immediately to versions 18.4.2, 18.3.4, or 18.2.8. GitLab.com already runs the patched versions, and GitLab Dedicated customers are unaffected. The GitLab team delivers scheduled releases twice a month, on…
-
OpenSSL patches 3 vulnerabilities, urging immediate updates
OpenSSL updates addressed 3 flaws enabling key recovery, code execution, and DoS attacks. Users are urged to update asap. The OpenSSL Project has released security updates to address three vulnerabilities, tracked as CVE-2025-9230, CVE-2025-9231, and CVE-2025-9232, in its open-source SSL/TLS toolkit. OpenSSL is an open-source library that provides encryption, decryption, hashing, and digital certificate management.…
-
Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software
Tags: cisco, credentials, cve, dos, exploit, flaw, rce, remote-code-execution, service, software, vulnerabilityCisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to execute arbitrary code or trigger a denial-of-service (DoS) condition under specific circumstances.The company said the vulnerability, CVE-2025-20352 (CVSS score: 7.7), has been exploited in the wild, adding it became aware of it “after…
-
SmokeLoader Employs Optional Plugins to Steal Data and Launch DoS Attacks
Active since 2011, SmokeLoader (also known as Smoke or Dofoil) has cemented its reputation as a versatile malware loader engineered to deliver second-stage payloads, including trojans, ransomware, and information stealers. Over the years, it has evolved to evade detection and optimize payload delivery, extending its reach through an extensible plugin framework capable of credential harvesting,…
-
Cisco fixes high-severity IOS XR flaws enabling image bypass and DoS
Cisco addressed multiple high-severity IOS XR vulnerabilities that can allow ISO image verification bypass and trigger DoS conditions. Cisco addressed multiple vulnerabilities in IOS XR software as part of its semiannual Software Security Advisory Bundled Publication published on September 10, 2025. Below are the vulnerabilities addressed by the network giant: The following table identifies Cisco…
-
Multiple Vulnerabilities in GitLab Patched, Blocking DoS and SSRF Attack Vectors
GitLab has released critical security updates across multiple versions to address six significant vulnerabilities that could enable denial-of-service attacks, server-side request forgery, and information disclosure. The company released versions 18.3.2, 18.2.6, and 18.1.6 for both Community Edition and Enterprise Edition, with immediate upgrades strongly recommended for all self-managed installations. Critical Security Fixes Target Multiple Attack…