Tag: exploit
-
n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions
Tags: automation, cloud, cve, cvss, exploit, flaw, open-source, rce, remote-code-execution, vulnerability
Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE). The vulnerability, which has been assigned the CVE identifier CVE-2026-21877, is rated 10.0 on the CVSS scoring system. “Under certain conditions, an authenticated user may be able to cause untrusted code to be…
-
Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers
Attackers are exploiting a critical flaw (CVE-2026-0625) in old D-Link DSL routers that allows remote command execution. Threat actors are actively exploiting a critical RCE flaw, tracked as CVE-2026-0625 (CVSS score of 9.3), in legacy D-Link DSL routers. The vulnerability is an improper neutralization of special elements used in an OS Command (‘OS Command Injection’),…
-
Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing
Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations’ domains and distribute emails that appear as if they have been sent internally. “Threat actors have leveraged this vector to deliver a wide variety of phishing messages related to various phishing-as-a-service (PhaaS) platforms such as Tycoon 2FA,” the First…
-
Disposal recommended: Ongoing attacks on D-Link routers via zero-day vulnerability
D-Link is investigating a previously unpatched malicious-code vulnerability in its routers. Some affected models will not receive a patch. First seen on golem.de Jump to article: www.golem.de/news/entsorgung-empfohlen-d-link-router-werden-ueber-zero-day-luecke-attackiert-2601-203887.html
-
Hackers Exploit Routing Misconfigurations to Successfully Spoof Organizations
Cybercriminals are exploiting complex routing scenarios and misconfigured email authentication protections to successfully spoof organizational domains, enabling them to deliver phishing emails that appear to originate from within targeted companies. The attack vector, which has seen increased activity since May 2025, leverages weaknesses in Domain-based Message Authentication, Reporting, and Conformance (DMARC) configurations and third-party email…
-
Disposal recommended: D-Link routers are being attacked via zero-day vulnerability
D-Link is investigating a previously unpatched malicious-code vulnerability in its routers. Some affected models will not receive a patch. First seen on golem.de Jump to article: www.golem.de/news/entsorgung-empfohlen-d-link-router-werden-ueber-zero-day-luecke-attackiert-2601-203887.html
-
Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers
A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the “dnscfg.cgi” endpoint that arises as a result of improper sanitization of user-supplied DNS configuration parameters. “An unauthenticated remote attacker can inject…
-
New D-Link flaw in legacy DSL routers actively exploited in attacks
Threat actors are exploiting a recently discovered command injection vulnerability that affects multiple D-Link DSL gateway routers that went out of support years ago. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-d-link-flaw-in-legacy-dsl-routers-actively-exploited-in-attacks/
-
Kimwolf Android botnet abuses residential proxies to infect internal devices
The Kimwolf botnet, an Android variant of the Aisuru malware, has grown to more than two million hosts, most of them infected by exploiting vulnerabilities in residential proxy networks to target devices on internal networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kimwolf-android-botnet-abuses-residential-proxies-to-infect-internal-devices/
-
NDSS 2025 HADES Attack: Understanding And Evaluating Manipulation Risks Of Email Blocklists
Tags: attack, conference, dns, email, exploit, infrastructure, Internet, malicious, mitigation, network, risk, service, spam, technology
Session 8A: Email Security Authors, Creators & Presenters: Ruixuan Li (Tsinghua University), Chaoyi Lu (Tsinghua University), Baojun Liu (Tsinghua University; Zhongguancun Laboratory), Yunyi Zhang (Tsinghua University), Geng Hong (Fudan University), Haixin Duan (Tsinghua University; Zhongguancun Laboratory), Yanzhong Lin (Coremail Technology Co. Ltd), Qingfeng Pan (Coremail Technology Co. Ltd), Min Yang (Fudan University), Jun Shao (Zhejiang Gongshang University)…
-
NDSS 2025 Exploiting the Complexity Of Modern CSS For Email And Browser Fingerprinting
Session 8A: Email Security Authors, Creators & Presenters: Leon Trampert (CISPA Helmholtz Center for Information Security), Daniel Weber (CISPA Helmholtz Center for Information Security), Lukas Gerlach (CISPA Helmholtz Center for Information Security), Christian Rossow (CISPA Helmholtz Center for Information Security), Michael Schwarz (CISPA Helmholtz Center for Information Security) PAPER Cascading Spy Sheets: Exploiting the Complexity…
-
How generative AI accelerates identity attacks against Active Directory
Generative AI is accelerating password attacks against Active Directory, making credential abuse faster and more effective. Specops Software explains how AI-driven cracking techniques exploit weak and predictable AD passwords. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-generative-ai-accelerates-identity-attacks-against-active-directory/
-
Threat Actors Exploit Office Assistant to Deliver Malicious Mltab Browser Plugin
A sophisticated malware campaign has been discovered exploiting Office Assistant, a widely used AI-powered productivity software in China, to distribute a malicious browser plugin that hijacks user traffic and exfiltrates sensitive information. The RedDrip Team from QiAnXin Technology’s Threat Intelligence Center uncovered this operation, which has been active since at least May 2024 and has…
-
Threat Actors Exploit Commodity Loader in Targeted Email Campaigns Against Organizations
Cyble Research and Intelligence Labs (CRIL) has identified a sophisticated, multi-stage attack campaign deploying a shared commodity loader across multiple threat actor groups. The operation demonstrates advanced operational security and represents a significant threat to manufacturing and government organizations in Italy, Finland, and Saudi Arabia. The campaign combines precision targeting with cutting-edge evasion techniques, utilizing…
-
Open WebUI bug turns the ‘free model’ into an enterprise backdoor
Tags: access, api, authentication, backdoor, data, exploit, flaw, malicious, mitigation, network, nvd, remote-code-execution, risk, tool, update
Escalating to Remote Code Execution: The risk doesn’t stop at account takeover. If the compromised account has workspace.tools permissions, attackers can leverage that session token to push authenticated Python code through Open WebUI’s Tools API, which executes without sandboxing or validation. This turns a browser-level compromise into full remote code execution on the backend server. Once…
-
AI, Quantum, and the New Threat Frontier: What Will Define Cybersecurity in 2026?
Tags: access, ai, api, application-security, attack, authentication, automation, business, ciso, cloud, compliance, computer, computing, container, control, crypto, cryptography, cyber, cybersecurity, data, data-breach, defense, detection, encryption, exploit, finance, flaw, framework, governance, government, healthcare, iam, identity, infrastructure, injection, LLM, malicious, metric, monitoring, network, nist, open-source, oracle, regulation, resilience, risk, service, skills, software, strategy, supply-chain, threat, tool, vulnerability, vulnerability-management, waf, zero-day, zero-trust
madhav Tue, 01/06/2026 – 04:44 If we think 2025 has been fast-paced, it’s going to feel like a warm-up for the changes on the horizon in 2026. Every time this year, Thales experts become cybersecurity oracles and predict where the industry is…
-
Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers
Users of the “@adonisjs/bodyparser” npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could allow a remote attacker to write arbitrary files on the server. Tracked as CVE-2026-21440 (CVSS score: 9.2), the flaw has been described as a path traversal issue affecting…
-
Why cybersecurity needs to focus more on investigation and less on just detection and response
Tags: access, attack, breach, cyber, cyberattack, cybersecurity, data, defense, detection, exploit, network, resilience, risk, threat, tool, vulnerability
Investigation: Where the real insights lie: This is where investigation comes in. Think of investigation as the part where you understand the full story. It’s like detective work: not just looking at the footprints, but figuring out where they came from, who’s leaving them, and why they’re trying to break in in the first place.…
-
RondoDox Botnet Expands Scope With React2Shell Exploitation
Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining, botnet payloads, and other malicious activity to IoT networks and enterprises. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/rondodox-botnet-scope-react2shell-exploitation
-
Windows Users at Risk as Critical Zoom Vulnerability Exploited
A critical Zoom vulnerability put Windows users at risk of data theft and system compromise. Zoom has patched the flaw. Users should update immediately. The post Windows Users at Risk as Critical Zoom Vulnerability Exploited appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-zoom-flaw-windows-users-at-risk/
-
Kimwolf Botnet Exploits 2 Million Devices to Build a Global Proxy Infrastructure
A massive new botnet dubbed >>Kimwolf
-
ProfileHound: Post-Escalation Tool Designed to Achieve Red Team Objectives
ProfileHound emerges as a specialized post-exploitation instrument for offensive security professionals seeking to identify high-value targets within Active Directory environments. The tool addresses a critical gap in red-team reconnaissance by enumerating domain user profiles stored on compromised machines, enabling operators to make data-driven decisions about which systems warrant focused exploitation. The fundamental innovation behind ProfileHound…
-
⚡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More
The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong places. Attacks moved quietly, reused familiar paths, and kept working longer than anyone wants to admit. This week’s stories share one pattern. Nothing flashy. No single…
-
Inside 2025’s Top Threat Groups: Why Familiar Actors Still Have the Upper Hand
New research reveals how ransomware groups like LockBit and Black Basta exploit visibility gaps, leaving security teams struggling to keep pace. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/inside-2025s-top-threat-groups-why-familiar-actors-still-have-the-upper-hand/
-
In 2026 the time to exploit shrinks drastically: how companies secure supply chains and the edge against fast exploits
Tags: exploit
First seen on security-insider.de Jump to article: www.security-insider.de/lieferketten-edge-exploits-2026-sichern-a-3f2ee4c5c5a6e46713db07c6586ddd18/

