Tag: exploit
-
Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits
Malware peddlers are targeting infosec enthusiasts, budding security professionals, and aspiring hackers with the Webrat malware, masquerading the threat as proof-of-concept … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/23/fake-poc-exploits-webrat-malware/
-
PoC Exploit Released for Critical n8n RCE Vulnerability
Security researchers have confirmed the release of proof-of-concept (PoC) exploit code for CVE-2025-68613, a critical remote code execution flaw affecting n8n workflow automation platform. The vulnerability carries a maximum CVSS score of 10.0 and impacts versions from v0.211.0 through v1.120.3. n8n is widely deployed in enterprise environments where it automates critical workflows and integrates with…
-
Forscher warnen: Kritische n8n-Lücke betrifft über 17.000 deutsche Server
Eine Sicherheitslücke lässt Angreifer n8n-Instanzen kapern und Schadcode einschleusen. Besonders viele anfällige Systeme gibt es in Deutschland. First seen on golem.de Jump to article: www.golem.de/news/forscher-warnen-kritische-n8n-luecke-betrifft-ueber-17-000-deutsche-server-2512-203557.html
-
Why Third-Party Access Remains the Weak Link in Supply Chain Security
Attackers exploited a supply chain weakness, abusing trusted components to compromise systems and spread malicious activity across connected targets. Your next breach probably won’t start inside your network”, it will start with someone you trust. Every supplier, contractor, and service provider needs access to your systems to keep business running, yet each login is a…
-
U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Digiever DS-2105 Pro flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Digiever DS-2105 Pro vulnerability, tracked as CVE-2023-52163 (CVSS Score of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog. Digiever DS-2105 Pro is a network video recorder (NVR) device designed…
-
Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances
A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances.The vulnerability, tracked as CVE-2025-68613, carries a CVSS score of 9.9 out of a maximum of 10.0. The package has about 57,000 weekly downloads, according to statistics on npm.”Under certain…
-
NDSS 2025 ReDAN: An Empirical Study On Remote DoS Attacks Against NAT Networks
Tags: access, attack, cloud, conference, dos, exploit, firmware, Internet, malicious, network, router, side-channel, software, vulnerability, wifiSession 7A: Network Security 2 Authors, Creators & Presenters: Xuewei Feng (Tsinghua University), Yuxiang Yang (Tsinghua University), Qi Li (Tsinghua University), Xingxiang Zhan (Zhongguancun Lab), Kun Sun (George Mason University), Ziqiang Wang (Southeast University), Ao Wang (Southeast University), Ganqiu Du (China Software Testing Center), Ke Xu (Tsinghua University) PAPER ReDAN: An Empirical Study On Remote…
-
NDSS 2025 GadgetMeter: Quantitatively And Accurately Gauging The Exploitability Of Speculative Gadgets
Tags: attack, conference, detection, exploit, framework, Internet, linux, mitigation, network, software, vulnerabilitySession 6D: Software Security: Vulnerability Detection Authors, Creators & Presenters: Qi Ling (Purdue University), Yujun Liang (Tsinghua University), Yi Ren (Tsinghua University), Baris Kasikci (University of Washington and Google), Shuwen Deng (Tsinghua University) PAPER GadgetMeter: Quantitatively And Accurately Gauging The Exploitability Of Speculative Gadgets Since their emergence in 2018, speculative execution attacks have proven difficult…
-
US Must Go on Offense in Cyberspace, Report Warns
Report: China, Russia Exploiting US Cyber Policy Gaps to Gain Strategic Advantage. A new McCrary Institute report urges Washington to adopt a more offensive cyber strategy, warning that the current reactive approach leaves the U.S. unable to counter China and Russia’s persistent campaigns to gain asymmetric leverage in cyberspace. First seen on govinfosecurity.com Jump to…
-
Threat Actors Exploit Zero-Day in WatchGuard Firebox Devices
With attacks on the critical firewall vulnerability, WatchGuard joins a list of edge device vendors that have been targeted in recent weeks. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/threat-actors-zero-day-watchguard-firebox
-
WatchGuard Fixes Firewall Zero-Day Being Actively Exploited
Scans Count 117,000 Unpatched Firewalls Running Vulnerable Version of Fireware OS. Attackers are actively attempting to exploit a now patched, zero-day vulnerability in WatchGuard Firebox firewalls, tracked as CVE-2025-14733, that can be used to remotely execute code. Scans show that over 115,000 of these edge devices remain internet-connected, unpatched and at risk. First seen on…
-
125,000 WatchGuard Firewalls Vulnerable to Remote Attacks
A critical zero-day flaw is being actively exploited to remotely compromise more than 125,000 WatchGuard Firebox firewalls. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/125000-watchguard-firewalls-vulnerable-to-remote-attacks/
-
Best of 2025: Inside the Minds of Cybercriminals: A Deep Dive into Black Basta’s Leaked Chats
The leaked internal chat communications of the Black Basta ransomware group offer an unprecedented view into how cybercriminals operate, plan attacks, and evade detection. The Veriti Research team analyzed these chat logs, revealing our favorite exploits, security measures they bypass, and the defenses they fear most. Veriti Research analyzed these chat communications, exposing: Targeted Exploits:..…
-
Monitoring Tool Nezha Abused For Stealthy Post-Exploitation Access
Open-source server monitoring tool, Nezha, is being exploited by attackers for remote system control First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nezha-abused-post-exploitation/
-
PoC Exploit Released for UseFree Vulnerability in Linux Kernel POSIX CPU Timers
A critical race condition vulnerability in the Linux kernel’s POSIX CPU timers has been exposed through a detailed proof-of-concept, one of the most sophisticated kernel exploits targeting Android devices. CVE-2025-38352 represents a use-after-free (UAF) vulnerability in the Linux kernel’s POSIX CPU timers implementation. The flaw was previously reported under limited, targeted exploitation in real-world Android…
-
âš¡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More
Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They’re going after the everyday tools we trust most, firewalls, browser add-ons, and even smart TVs, turning small cracks into serious breaches.The real danger now isn’t just one major attack, but hundreds of quiet ones using the software and…
-
Critical RCE flaw impacts over 115,000 WatchGuard firewalls
Over 115,000 WatchGuard Firebox devices exposed online remain unpatched against a critical remote code execution (RCE) vulnerability actively exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-115-000-watchguard-firewalls-vulnerable-to-ongoing-rce-attacks/
-
Kritische Sicherheitslücke: Laufende Attacken gefährden über 100.000 Firewalls
Allein in Deutschland gibt es rund 13.000 anfällige Watchguard-Firewalls. Angreifer schleusen bereits Schadcode ein. Admins sollten zügig handeln. First seen on golem.de Jump to article: www.golem.de/news/kritische-firebox-luecke-laufende-attacken-gefaehrden-ueber-100-000-firewalls-2512-203504.html
-
Critical RCE flaw impacts over 115,000 WatchGuard firewalls
Over 115,000 WatchGuard Firebox devices exposed online remain unpatched against a critical remote code execution (RCE) vulnerability actively exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-115-000-watchguard-firewalls-vulnerable-to-ongoing-rce-attacks/
-
Top 10 CERT-In Empanelled Auditors in India in 2026
Organisations today are increasingly exposed to cyber risks originating from unchecked network scanning and unpatched vulnerabilities. At the same time, the rise of malicious large language models like WormGPT and FraudGPT has lowered the barrier for hackers, enabling even less-skilled actors to launch phishing campaigns, create malware, and exploit security gaps with alarming ease. For……
-
Week in review: Exploited zero-day in Cisco email security appliances, Kali Linux 2025.4 released
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How researchers are teaching AI agents to ask for permission the right way … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/21/week-in-review-exploited-zero-day-in-cisco-email-security-appliances-kali-linux-2025-4-released/
-
NDSS 2025 Too Subtle to Notice: Investigating Executable Stack Issues in Linux Systems
Tags: attack, conference, detection, exploit, injection, Internet, linux, network, programming, software, tool, vulnerabilitySession 6D: Software Security: Vulnerability Detection Authors, Creators & Presenters: Hengkai Ye (The Pennsylvania State University), Hong Hu (The Pennsylvania State University) PAPER Too Subtle to Notice: Investigating Executable Stack Issues in Linux Systems Code injection was a favored technique for attackers to exploit buffer overflow vulnerabilities decades ago. Subsequently, the widespread adoption of lightweight…
-
U.S. CISA adds a flaw in WatchGuard Fireware OS to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a WatchGuard Fireware OS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a WatchGuard Firebox OS vulnerability, tracked as CVE-2025-14733 (CVSS Score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. This flaw is a critical out-of-bounds write vulnerability in WatchGuard Fireware…
-
25,000+ FortiCloud SSO-Enabled Systems Vulnerable to Remote Exploitation
The Shadowserver Foundation has identified over 25,000 internet-facing Fortinet devices globally with FortiCloud Single Sign-On (SSO) functionality enabled, raising concerns about potential exposure to critical authentication bypass vulnerabilities. The non-profit security organization recently added fingerprinting capabilities for these systems to its Device Identification reporting service, alerting network administrators to verify their security posture immediately. Mass…
-
25,000+ FortiCloud SSO-Enabled Systems Vulnerable to Remote Exploitation
The Shadowserver Foundation has identified over 25,000 internet-facing Fortinet devices globally with FortiCloud Single Sign-On (SSO) functionality enabled, raising concerns about potential exposure to critical authentication bypass vulnerabilities. The non-profit security organization recently added fingerprinting capabilities for these systems to its Device Identification reporting service, alerting network administrators to verify their security posture immediately. Mass…
-
Senate Intel Chair Warns of Open-Source Security Risks
Top Lawmaker Urges White House to Review Foreign Influence in Open-Source Code. A top Republican in the U.S. Senate warned the White House that foreign adversaries are exploiting trusted open-source software used across federal networks and defense systems, urging the National Cyber Director to lead efforts to monitor contributors and reduce supply chain risk. First…
-
‘Critical’ WatchGuard Firebox Vulnerability Exploited In Attacks
A critical-severity vulnerability impacting customers of WatchGuard’s next-generation firewall, Firebox, has seen exploitation in cyberattacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed Friday. First seen on crn.com Jump to article: www.crn.com/news/security/2025/cisa-critical-watchguard-firebox-vulnerability-exploited-in-attacks