Tag: exploit
-
Cisco warns of unpatched AsyncOS zero-day exploited in attacks
Cisco warned customers today of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-unpatched-asyncos-zero-day-exploited-in-attacks/
-
SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances
SonicWall has rolled out fixes to address a security flaw in Secure Mobile Access (SMA) 100 series appliances that it said has been actively exploited in the wild.The vulnerability, tracked as CVE-2025-40602 (CVSS score: 6.6), concerns a case of local privilege escalation that arises as a result of insufficient authorization in the appliance management console…
-
Sonicwall warns of new SMA1000 zero-day exploited in attacks
SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sonicwall-warns-of-new-sma1000-zero-day-exploited-in-attacks/
-
Actively exploited SonicWall zero-day patched (CVE-2025-40602)
SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/17/sonicwall-cve-2025-40602/
-
Actively exploited SonicWall zero-day patched (CVE-2025-40602)
SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/17/sonicwall-cve-2025-40602/
-
Critical React2Shell flaw exploited in ransomware attacks
A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-react2shell-flaw-exploited-in-ransomware-attacks/
-
Actively Exploited Fortinet Flaws Enable Security Appliance Takeover
Attackers are actively exploiting Fortinet flaws to bypass authentication and take over security appliances. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/actively-exploited-fortinet-flaws-enable-security-appliance-takeover/
-
Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718)
Attackers are exploiting a recently revealed vulnerability (CVE-2025-59718) to bypass authentication on Fortinet’s FortiGate firewalls, and are leveraging the achieved … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/17/fortigate-vulnerability-cve-2025-59718-exploited/
-
Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718)
Attackers are exploiting a recently revealed vulnerability (CVE-2025-59718) to bypass authentication on Fortinet’s FortiGate firewalls, and are leveraging the achieved … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/17/fortigate-vulnerability-cve-2025-59718-exploited/
-
The 12 Months of Innovation: How Salt Security Helped Rewrite API AI Security in 2025
Tags: access, ai, api, attack, automation, breach, business, ciso, cloud, compliance, control, crowdstrike, cyber, data, data-breach, defense, detection, email, exploit, github, governance, injection, insurance, intelligence, privacy, risk, risk-management, software, strategy, supply-chain, threat, tool, wafAs holiday lights go up and inboxes fill with year-in-review emails, it’s tempting to look back on 2025 as “the year of AI.” But for security teams, it was something more specific the year APIs, AI agents, and MCP servers collided across the API fabric, expanding the attack surface faster than most organizations could keep…
-
JumpCloud agent turns uninstall into a system shortcut
Full privilege escalation and denial of service: The vulnerability opens two primary exploitation vectors with significant operational impact: full privilege escalation to system level, and denial of service (DoS).By manipulating filesystem paths and leveraging race conditions, an attacker can redirect the uninstaller’s operations to delete or overwrite protected installer configuration targets, ultimately triggering techniques that…
-
JumpCloud agent turns uninstall into a system shortcut
Full privilege escalation and denial of service: The vulnerability opens two primary exploitation vectors with significant operational impact: full privilege escalation to system level, and denial of service (DoS).By manipulating filesystem paths and leveraging race conditions, an attacker can redirect the uninstaller’s operations to delete or overwrite protected installer configuration targets, ultimately triggering techniques that…
-
Russian state hackers targeted Western critical infrastructure for years, Amazon says
Tags: credentials, cyber, exploit, hacker, infrastructure, intelligence, network, russia, theft, threat, vulnerabilityAmazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign (20212025) targeting Western critical infrastructure. Threat actors shifted from exploiting vulnerabilities to abusing misconfigured network edge devices, enabling credential theft and lateral movement with lower risk. The researchers linked the…
-
JumpCloud agent turns uninstall into a system shortcut
Full privilege escalation and denial of service: The vulnerability opens two primary exploitation vectors with significant operational impact: full privilege escalation to system level, and denial of service (DoS).By manipulating filesystem paths and leveraging race conditions, an attacker can redirect the uninstaller’s operations to delete or overwrite protected installer configuration targets, ultimately triggering techniques that…
-
Russian state hackers targeted Western critical infrastructure for years, Amazon says
Tags: credentials, cyber, exploit, hacker, infrastructure, intelligence, network, russia, theft, threat, vulnerabilityAmazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign (20212025) targeting Western critical infrastructure. Threat actors shifted from exploiting vulnerabilities to abusing misconfigured network edge devices, enabling credential theft and lateral movement with lower risk. The researchers linked the…
-
U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog
U.S. CISA adds a vulnerability impacting multiple products to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability, tracked as CVE-2025-59718 (CVSS Score of 9.1), to its Known Exploited Vulnerabilities (KEV) catalog. Threat actors started exploiting two critical flaws, tracked as CVE-2025-59718 and CVE-2025-59719 (CVSS score of 9.1),…
-
CISA Alerts on Actively Exploited Gladinet CentreStack and Triofox Flaws
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert regarding a critical security vulnerability affecting Gladinet CentreStack and Triofox. The agency has added this flaw to its Known Exploited Vulnerabilities (KEV) catalog, indicating that hackers are actively exploiting it in attacks. The vulnerability, identified as CVE-2025-14611, involves a serious issue with how these…
-
Blind Eagle Hackers Exploit Trust to Bypass Email Security Controls
Tags: attack, control, cyber, cybersecurity, email, exploit, government, group, hacker, malware, phishing, spear-phishing, threatBlindEagle threat actors are exploiting compromised internal email accounts to launch spear-phishing campaigns that bypass traditional email security controls, targeting Colombian government agencies with sophisticated multi-stage malware attacks, according to Zscaler ThreatLabz research. The cybersecurity firm discovered the campaign in early September 2025, revealing that the South American threat group targeted a government agency under…
-
CISA Alerts on Actively Exploited Gladinet CentreStack and Triofox Flaws
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert regarding a critical security vulnerability affecting Gladinet CentreStack and Triofox. The agency has added this flaw to its Known Exploited Vulnerabilities (KEV) catalog, indicating that hackers are actively exploiting it in attacks. The vulnerability, identified as CVE-2025-14611, involves a serious issue with how these…
-
FortiGate firewall credentials being stolen after vulnerabilities discovered
Tags: access, advisory, ai, attack, authentication, best-practice, breach, ceo, cisa, credentials, cve, cyberattack, cybersecurity, data, data-breach, exploit, firewall, flaw, fortinet, hacker, infrastructure, Internet, kev, least-privilege, login, malicious, network, password, software, theft, threat, update, vulnerabilityCSO. “So far, the pattern of activity has appeared to be opportunistic in nature. While it is difficult to estimate the number of devices directly vulnerable to this vulnerability, there are hundreds of thousands of Fortinet appliances accessible on the public internet through specialized search engines. This allows threat actors to opportunistically attempt exploitation against…
-
Google Finds Five China-Nexus Groups Exploiting React2Shell Flaw
Researchers with Google Threat Intelligence Group have detected five China-nexus threat groups exploiting the maximum-security React2Shell security flaw to drop a number of malicious payloads, from backdoors to downloaders to tunnelers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/google-finds-five-china-nexus-groups-exploiting-react2shell-flaw/
-
Google Finds Five China-Nexus Groups Exploiting React2Shell Flaw
Researchers with Google Threat Intelligence Group have detected five China-nexus threat groups exploiting the maximum-security React2Shell security flaw to drop a number of malicious payloads, from backdoors to downloaders to tunnelers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/google-finds-five-china-nexus-groups-exploiting-react2shell-flaw/
-
Multiple Fortinet Products Exploited In Attacks, Rapid Patching Urged
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging Fortinet customers to prioritize patching for a critical-severity vulnerability, which impacts multiple products from the vendor and has been exploited in cyberattacks. First seen on crn.com Jump to article: www.crn.com/news/security/2025/cisa-multiple-fortinet-products-exploited-in-attacks-rapid-patching-urged
-
CISA Alerts on Apple WebKit Zero-Day Actively Used in Cyberattacks
Tags: apple, cisa, cve, cyber, cyberattack, cybersecurity, exploit, infrastructure, kev, macOS, risk, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability affecting multiple Apple products to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. CVE-2025-43529 represents a severe use-after-free vulnerability in WebKit, Apple’s rendering engine, that poses a significant risk to millions of users across iOS, iPadOS, macOS, and other…
-
CISA Alerts on Apple WebKit Zero-Day Actively Used in Cyberattacks
Tags: apple, cisa, cve, cyber, cyberattack, cybersecurity, exploit, infrastructure, kev, macOS, risk, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability affecting multiple Apple products to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. CVE-2025-43529 represents a severe use-after-free vulnerability in WebKit, Apple’s rendering engine, that poses a significant risk to millions of users across iOS, iPadOS, macOS, and other…
-
Critical FortiGate SSO Vulnerability Actively Exploited in Real-World Attacks
Fortinet’s FortiGate appliances face immediate threat from two critical authentication bypass vulnerabilities being actively exploited in production environments. Fortinet released advisories for CVE-2025-59718 and CVE-2025-59719 on December 9, 2025, identifying critical flaws in FortiCloud SSO authentication mechanisms. These vulnerabilities enable unauthenticated attackers to bypass SSO login protections through crafted SAML messages when FortiCloud SSO is…
-
Russia’s GRU Tied to Critical Infrastructure Cloud Breaches
Misconfigured Customer Network Edge Devices’ Under Fire, Warn Researchers. Misconfigured edge devices hosted in the cloud are giving nation-state hackers carte blanche to access Western critical infrastructure, warn threat intelligence experts at Amazon, who tied exploits of AWS customers’ device administrator portals to Russia’s GRU military intelligence agency. First seen on govinfosecurity.com Jump to article:…
-
Real Attacks of the Week: How Spyware Beaconing and Exploit Probing Are Shaping Modern Intrusions
Over the past week, enterprise security teams observed a combination of covert malware communication attempts and aggressive probing of publicly exposed infrastructure. These incidents, detected across firewall and endpoint security layers, demonstrate how modern cyber attackers operate simultaneously. While quietly activating compromised internal systems, they also relentlessly scan external services for exploitable weaknesses. Although the…
-
Amazon: Russian GRU hackers favor misconfigured devices over vulnerabilities
Amazon Threat Intelligence reports Russian GRU hackers are increasingly breaking into critical infrastructure by abusing misconfigured devices instead of exploiting software vulnerabilities. First seen on hackread.com Jump to article: hackread.com/amazon-russia-gru-hackers-misconfigured-vulnerabilities/