Tag: dos
-
Critical HashiCorp Vault Vulnerabilities Allow Authentication Bypass and DoS Attacks
HashiCorp has disclosed two critical vulnerabilities in Vault and Vault Enterprise that could enable attackers to bypass authentication mechanisms and launch denial-of-service attacks against infrastructure. The first vulnerability, identified under Bulletin ID HCSEC-2025-31, stems from a regression in how Vault processes JSON payloads. According to HashiCorp’s disclosure published on October 23, 2025, the vulnerability allows…
-
BIND 9 Vulnerabilities Expose DNS Servers to Cache Poisoning and DoS
The Internet Systems Consortium (ISC) has disclosed three critical vulnerabilities in BIND 9, the most widely deployed DNS software globally. All three vulnerabilities were publicly disclosed on October 22, 2025, affecting DNS resolvers and potentially impacting millions of users worldwide. Organizations running affected BIND 9 versions should prioritize immediate patching to prevent exploitation. The three…
-
BIND 9 Vulnerabilities Expose DNS Servers to Cache Poisoning and DoS
The Internet Systems Consortium (ISC) has disclosed three critical vulnerabilities in BIND 9, the most widely deployed DNS software globally. All three vulnerabilities were publicly disclosed on October 22, 2025, affecting DNS resolvers and potentially impacting millions of users worldwide. Organizations running affected BIND 9 versions should prioritize immediate patching to prevent exploitation. The three…
-
Network security devices endanger orgs with ’90s era flaws
Tags: access, application-security, apt, authentication, breach, cisa, cisco, citrix, cloud, control, cve, cyber, cybersecurity, dos, email, endpoint, exploit, finance, firewall, firmware, flaw, government, group, incident response, infrastructure, injection, ivanti, jobs, linux, mitigation, mobile, network, open-source, penetration-testing, programming, regulation, remote-code-execution, reverse-engineering, risk, risk-management, router, service, software, threat, tool, vpn, vulnerability, zero-day2024 networking and security device zero-day flaws Product CVE Flaw type CVSS Check Point Quantum Security Gateways and CloudGuard Network Security CVE-2024-24919 Path traversal leading to information disclosure 8.6 (High) Cisco Adaptive Security Appliance CVE-2024-20359 Arbitrary code execution 6.6 (Medium) Cisco Adaptive Security Appliance CVE-2024-20353 Denial of service 8.6 (High) Cisco Adaptive Security Appliance …
-
Cisco Desk, IP, and Video Phones Vulnerable to Remote DoS and XSS Attacks
Multiple Cisco desk, IP, and video phones are at risk of remote denial-of-service (DoS) and cross-site scripting (XSS) attacks due to flaws in their Session Initiation Protocol (SIP) software. The weaknesses affect Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 models when they are registered to Cisco Unified Communications…
-
Cisco Desk, IP, and Video Phones Vulnerable to Remote DoS and XSS Attacks
Multiple Cisco desk, IP, and video phones are at risk of remote denial-of-service (DoS) and cross-site scripting (XSS) attacks due to flaws in their Session Initiation Protocol (SIP) software. The weaknesses affect Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 models when they are registered to Cisco Unified Communications…
-
GitLab Releases Security Update to Patch Multiple DoS-Enabling Vulnerabilities
GitLab has issued a critical security update to address several denial-of-service (DoS) vulnerabilities affecting both Community Edition (CE) and Enterprise Edition (EE). Self-managed installations should upgrade immediately to versions 18.4.2, 18.3.4, or 18.2.8. GitLab.com already runs the patched versions, and GitLab Dedicated customers are unaffected. The GitLab team delivers scheduled releases twice a month, on…
-
GitLab Releases Security Update to Patch Multiple DoS-Enabling Vulnerabilities
GitLab has issued a critical security update to address several denial-of-service (DoS) vulnerabilities affecting both Community Edition (CE) and Enterprise Edition (EE). Self-managed installations should upgrade immediately to versions 18.4.2, 18.3.4, or 18.2.8. GitLab.com already runs the patched versions, and GitLab Dedicated customers are unaffected. The GitLab team delivers scheduled releases twice a month, on…
-
OpenSSL patches 3 vulnerabilities, urging immediate updates
OpenSSL updates addressed 3 flaws enabling key recovery, code execution, and DoS attacks. Users are urged to update asap. The OpenSSL Project has released security updates to address three vulnerabilities, tracked as CVE-2025-9230, CVE-2025-9231, and CVE-2025-9232, in its open-source SSL/TLS toolkit. OpenSSL is an open-source library that provides encryption, decryption, hashing, and digital certificate management.…
-
Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software
Tags: cisco, credentials, cve, dos, exploit, flaw, rce, remote-code-execution, service, software, vulnerabilityCisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to execute arbitrary code or trigger a denial-of-service (DoS) condition under specific circumstances.The company said the vulnerability, CVE-2025-20352 (CVSS score: 7.7), has been exploited in the wild, adding it became aware of it “after…
-
SmokeLoader Employs Optional Plugins to Steal Data and Launch DoS Attacks
Active since 2011, SmokeLoader (also known as Smoke or Dofoil) has cemented its reputation as a versatile malware loader engineered to deliver second-stage payloads, including trojans, ransomware, and information stealers. Over the years, it has evolved to evade detection and optimize payload delivery, extending its reach through an extensible plugin framework capable of credential harvesting,…
-
Cisco fixes high-severity IOS XR flaws enabling image bypass and DoS
Cisco addressed multiple high-severity IOS XR vulnerabilities that can allow ISO image verification bypass and trigger DoS conditions. Cisco addressed multiple vulnerabilities in IOS XR software as part of its semiannual Software Security Advisory Bundled Publication published on September 10, 2025. Below are the vulnerabilities addressed by the network giant: The following table identifies Cisco…
-
Multiple Vulnerabilities in GitLab Patched, Blocking DoS and SSRF Attack Vectors
GitLab has released critical security updates across multiple versions to address six significant vulnerabilities that could enable denial-of-service attacks, server-side request forgery, and information disclosure. The company released versions 18.3.2, 18.2.6, and 18.1.6 for both Community Edition and Enterprise Edition, with immediate upgrades strongly recommended for all self-managed installations. Critical Security Fixes Target Multiple Attack…
-
When AI nukes your database: The dark side of vibe coding
Tags: ai, application-security, attack, authentication, automation, ciso, computer, control, corporate, data, data-breach, defense, dos, email, flaw, governance, incident response, injection, jobs, LLM, microsoft, open-source, password, risk, saas, skills, supply-chain, threat, tool, training, zero-trustprivate paths, on another instance.Worthington warns this is one of the most frequent red flags in threat intel. When vibe-coded applications reach incident response, she says, “You’ll often see absence of logging, lack of source control, or weak authentication alongside hardcoded secrets. Rather than a single fingerprint, it’s a collection of sloppy behaviors that point…
-
When AI nukes your database: The dark side of vibe coding
Tags: ai, application-security, attack, authentication, automation, ciso, computer, control, corporate, data, data-breach, defense, dos, email, flaw, governance, incident response, injection, jobs, LLM, microsoft, open-source, password, risk, saas, skills, supply-chain, threat, tool, training, zero-trustprivate paths, on another instance.Worthington warns this is one of the most frequent red flags in threat intel. When vibe-coded applications reach incident response, she says, “You’ll often see absence of logging, lack of source control, or weak authentication alongside hardcoded secrets. Rather than a single fingerprint, it’s a collection of sloppy behaviors that point…
-
When AI nukes your database: The dark side of vibe coding
Tags: ai, application-security, attack, authentication, automation, ciso, computer, control, corporate, data, data-breach, defense, dos, email, flaw, governance, incident response, injection, jobs, LLM, microsoft, open-source, password, risk, saas, skills, supply-chain, threat, tool, training, zero-trustprivate paths, on another instance.Worthington warns this is one of the most frequent red flags in threat intel. When vibe-coded applications reach incident response, she says, “You’ll often see absence of logging, lack of source control, or weak authentication alongside hardcoded secrets. Rather than a single fingerprint, it’s a collection of sloppy behaviors that point…
-
Speicherüberlauf führt zu RCE oder DoS – Konfiguration von Citrix Netscaler schafft Sicherheitslücken
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecken-in-citrix-netscaler-adc-und-gateway-a-e4f033f5440b22845a4489fc64ba5bce/
-
NVIDIA Patches Vulnerabilities Causing DoS, EoP, and Data Exposure
NVIDIA today released critical security updates for its BlueField, ConnectX, DOCA, Mellanox DPDK, Cumulus Linux, and NVOS products. The Partner Security Bulletin addresses multiple vulnerabilities that could allow denial of service (DoS), escalation of privileges (EoP), and information disclosure. Customers are urged to download and install updated components immediately to protect their systems. To get…
-
Cisco Nexus 3000 9000 Vulnerability Enables DoS Attacks
Cisco has issued a high-severity security advisory warning of a dangerous vulnerability in its Nexus 3000 and 9000 Series switches that could allow attackers to trigger denial of service (DoS) attacks through crafted network packets. The vulnerability, tracked asCVE-2025-20241and assigned a CVSS score of 7.4, affects the Intermediate System-to-Intermediate System (IS-IS) feature in Cisco NX-OS…
-
CVE-2025-7775: Citrix NetScaler ADC and NetScaler Gateway Zero-Day Remote Code Execution Vulnerability Exploited in the Wild
Citrix has released patches to address a zero-day remote code execution vulnerability in NetScaler ADC and NetScaler Gateway that has been exploited. Organizations are urged to patch immediately. Background On August 26, Citrix published a security advisory for three vulnerabilities, including CVE-2025-7775, a zero-day vulnerability which has been exploited against its NetScaler Application Delivery Controller…
-
QUIC-LEAK Vulnerability Allows Attackers to Drain Server Memory and Cause DoS
Security researchers at Imperva have disclosed a critical pre-handshake memory exhaustion vulnerability in the widely-used LSQUIC QUIC implementation that enables remote attackers to crash servers through denial-of-service attacks. The flaw, designated CVE-2025-54939 and dubbed >>QUIC-LEAK,
-
Ivanti Connect Secure, Policy Secure, and ZTA Flaws Allow Attackers to Launch DoS Attacks
Ivanti has released critical security updates addressing multiple vulnerabilities in its Connect Secure, Policy Secure, and ZTA Gateway products that could allow remote attackers to launch denial-of-service attacks. The company disclosed four vulnerabilities on August 12, 2025, with CVSS scores ranging from medium to high severity, though no active exploitation has been detected at the…
-
Win-DoS’ Zero-Click Exploit Could Weaponize Windows Infrastructure for DDoS Attacks
Security researchers have uncovered a “zero-click” denial-of-service chain that can silently turn thousands of Microsoft Windows Domain Controllers (DCs) into a globe-spanning botnet, raising fresh alarms in a year already defined by record-breaking distributed-denial-of-service (DDoS) activity. DDoS attacks climbed 56% year-over-year in late-2024 according to Gcore’s latest Radar report, and Cloudflare’s network has already blocked…
-
‘Win-DDoS’: Researchers unveil botnet technique exploiting Windows domain controllers
Research revealed more DoS flaws: SafeBreach researchers also discovered CVE-2025-26673 in DC’s Netlogon service, where crafted RPC calls could crash the service remotely without authentication. By exploiting this weakness, attackers could knock out a critical Windows authentication component, potentially locking users out of domain resources until the system is rebooted. Similarly, CVE-2025-49716 targets Windows Local…
-
FUJIFILM Printer Flaw Allows Attackers to Trigger DoS Attacks
FUJIFILM Business Innovation has disclosed a critical vulnerability affecting multiple printer models that could allow attackers to launch denial-of-service (DoS) attacks through specially crafted network packets. The vulnerability, tracked as CVE-2025-48499, affects the Internet Printing Protocol (IPP) and Line Printer Daemon (LPD) protocol processing capabilities of affected devices. Vulnerability Details The security flaw stems from…
-
Novel malware from Russia’s APT28 prompts LLMs to create malicious Windows commands
Tags: ai, api, attack, computer, control, cyber, cyberattack, cybercrime, data, detection, dos, exploit, government, group, hacking, infrastructure, intelligence, LLM, malicious, malware, military, network, phishing, programming, russia, service, tool, ukraine, vulnerability, windows.pif (MS-DOS executable) extension, though variants with .exe and .py extensions have also been observed.CERT-UA attributes these attacks to a group it tracks as UAC-0001, but which is better known in the security community as APT28. Western intelligence agencies have officially associated this group with Unit 26165, or the 85th Main Special Service Center (GTsSS)…
-
Over 4 Million Exposed Devices Used in Two New DoS Attack Campaigns
Security researchers have discovered over 4 million vulnerable Internet hosts that can be weaponized for devastating new denial-of-service attacks, marking one of the largest infrastructure vulnerabilities uncovered in recent years. The groundbreaking research, conducted by Angelos Beitis and Mathy Vanhoef from DistriNet at KU Leuven, reveals that millions of devices worldwide accept unauthenticated tunneling traffic…
-
Apache Tomcat Coyote Flaw Allows Attackers to Launch DoS Attacks
The Apache Software Foundation has revealed a vulnerability in the Tomcat Coyote module, specifically within the Maven artifact org.apache.tomcat:tomcat-coyote, that could enable malicious actors to orchestrate denial-of-service (DoS) attacks. This flaw stems from an uncontrolled resource consumption issue tied to HTTP/2 protocol handling, potentially allowing attackers to overwhelm server resources by manipulating stream concurrency limits.…
-
Next.js Vulnerability Allows Attackers to Trigger DoS via Cache Poisoning
A critical vulnerability, tracked asCVE-2025-49826, has been discovered and addressed in the popular React-based web framework, Next.js. The flaw, present in versions >=15.1.0 and <15.1.8, allowed attackers to exploit a cache poisoning bug, potentially leading to a Denial of Service (DoS) condition for affected applications, as per a report by Vercel. CVE ID Affected Versions Severity…