Tag: flaw
-
Planet Technology Industrial Switch Flaws Risk Full Takeover Patch Now
by
in SecurityNewsImmersive security researchers discovered critical vulnerabilities in Planet Technology network management and switch products, allowing full device control…. First seen on hackread.com Jump to article: hackread.com/planet-technology-industrial-switch-flaws-full-takeover/
-
SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells
by
in SecurityNewsA critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. Learn how… First seen on hackread.com Jump to article: hackread.com/sap-netweaver-flaw-severity-hackers-deploy-web-shells/
-
SAP Fixes Critical Vulnerability After Evidence of Exploitation
by
in SecurityNewsA maximum severity flaw affecting SAP NetWeaver has been exploited by threat actors First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/sap-fixes-critical-vulnerability/
-
Commvault warns of critical Command Center flaw
by
in SecurityNews
Tags: access, authentication, ciso, cvss, data, exploit, flaw, infrastructure, network, ransomware, vulnerabilityPre-authentication increases exploitability: Heath Renfrow, CISO and co-founder at FEnix24, told CSO that the vulnerability is both “technically serious” and “operationally significant” for organizations, for a number of reasons.For starters, it enables pre-authentication exploitation, meaning that it can be triggered before any authentication is required, leading to high exploitability without the need for credentials. Additionally, the…
-
SAP fixes suspected Netweaver zero-day exploited in attacks
by
in SecurityNewsSAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sap-fixes-suspected-netweaver-zero-day-exploited-in-attacks/
-
Critical Commvault SSRF could allow attackers to execute code remotely
by
in SecurityNews
Tags: access, authentication, ciso, cvss, data, exploit, flaw, infrastructure, network, ransomware, vulnerabilityPre-authentication increases exploitability: Heath Renfrow, CISO and co-founder at FEnix24, told CSO that the vulnerability is both “technically serious” and “operationally significant” for organizations, for a number of reasons.For starters, it enables pre-authentication exploitation, meaning that it can be triggered before any authentication is required, leading to high exploitability without the need for credentials. Additionally, the…
-
Chrome UAF Process Vulnerabilities Actively Exploited
by
in SecurityNewsSecurity researchers have revealed that two critical use-after-free (UAF) vulnerabilities in Google Chrome’s Browser process were actively exploited in the wild, exposing users to potential sandbox escapes and arbitrary code execution. However, Google’s deployment of the MiraclePtr defense mechanism ensures these flaws are no longer exploitable, marking a significant milestone in browser security. Technical Analysis…
-
Critical SAP NetWeaver Flaw (CVE-2025-31324) Actively Exploited
by
in SecurityNewsA critical security flaw in SAP NetWeaver’s Visual Composer component, identified as CVE-2025-31324, has been actively exploited by threat actors. This vulnerability allows unauthenticated attackers to upload malicious files, leading to potential full system compromise. SAP has released a patch… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2025-31324-actively-exploited/
-
Critical Commvault Flaw Rated 10/10: CSA Urges Immediate Patching
by
in SecurityNewsThe Cyber Security Agency of Singapore (CSA) has warned users about a critical vulnerability affecting the Commvault Command Center. This Commvault vulnerability, identified as CVE-2025-34028, has been rated with a severity score of 10 out of 10 on the Common Vulnerability Scoring System (CVSS v3.1). It allows unauthenticated remote code execution, posing a direct risk…
-
DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks
by
in SecurityNewsCybersecurity researchers are warning about a new malware called DslogdRAT that’s installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS).The malware, along with a web shell, were “installed by exploiting a zero-day vulnerability at that time, CVE-2025-0282, during attacks against organizations in Japan around December 2024,” JPCERT/CC researcher Yuma First…
-
Spring Security Vulnerability Exposes Valid Usernames to Attackers
by
in SecurityNewsA newly identified security vulnerability, CVE-2025-22234, has exposed a critical weakness in the widely-used Spring Security framework. According to the HeroDevs report, affecting several versions of the spring-security-crypto package, this flaw makes it possible for attackers to discern valid usernames through observable differences in login response times”, an avenue for so-called “timing attacks.” Spring Security…
-
Microsoft’s Patch for Symlink Vulnerability Introduces New Windows DenialService Flaw
by
in SecurityNewsMicrosoft’s recent attempt to resolve a critical privilege escalation vulnerability has inadvertently introduced a new denial-of-service (DoS) flaw in Windows systems, leaving organizations vulnerable to update failures and potential security risks. In early April 2025, Microsoft addressed CVE-2025-21204, a security flaw that allowed attackers to abuse symbolic links (symlinks) to elevate privileges via the Windows servicing…
-
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware
by
in SecurityNewsAt least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole.The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in First…
-
NVIDIA NeMo Vulnerability Enables Remote Exploits
by
in SecurityNewsNVIDIA has issued an urgent security advisory addressing three high-severity vulnerabilities in its NeMo Framework, a platform widely used for developing AI-powered applications. The flaws, if exploited, could allow attackers to execute malicious code, tamper with data, or take control of vulnerable systems. Users are advised to update to NeMo Framework version 25.02 immediately to…
-
Highest-Risk Security Flaw Found in Commvault Backup Solutions
by
in SecurityNewsA critical path traversal vulnerability in Commvault’s backup and replication solutions has been reported First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/critical-vulnerability-commvault/
-
Multiple Cisco Tools at Risk from Erlang/OTP SSH Remote Code Execution Flaw
by
in SecurityNews
Tags: advisory, cisco, cloud, cyber, flaw, infrastructure, network, remote-code-execution, risk, tool, vulnerabilityCisco has issued a high-severity advisory (cisco-sa-erlang-otp-ssh-xyZZy) warning of a critical remote code execution (RCE) vulnerability in products using Erlang/OTP’s SSH server. The flaw, tracked as CVE-2025-32433, allows unauthenticated attackers to execute arbitrary code on vulnerable devices, posing systemic risks to enterprise networks, cloud infrastructure, and telecom systems. Vulnerability Overview The flaw stems from improper handling…
-
159 CVEs Exploited in Q1 2025, 28.3% Within 24 Hours of Disclosure
by
in SecurityNewsAs many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024.”We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure,” VulnCheck said in a report shared with…
-
Zyxel RCE Flaw Lets Attackers Run Commands Without Authentication
by
in SecurityNews
Tags: authentication, cyber, exploit, firewall, flaw, network, rce, remote-code-execution, vulnerability, zyxelSecurity researcher Alessandro Sgreccia (aka >>rainpwn
-
Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely
by
in SecurityNewsA critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations.The vulnerability, tracked as CVE-2025-34028, carries a CVSS score of 9.0 out of a maximum of 10.0.”A critical security vulnerability has been identified in the Command Center installation, allowing remote attackers to execute arbitrary code…
-
Redis DoS Flaw Allows Attackers to Crash Servers or Drain Memory
by
in SecurityNewsA high-severity denial-of-service (DoS) vulnerability in Redis, tracked as CVE-2025-21605, allows unauthenticated attackers to crash servers or exhaust system memory by exploiting improperly limited output buffers. The flaw affects Redis versions 2.6 and newer, with patches now available in updates6.2.18,7.2.8, and7.4.3. How the Exploit Works The vulnerability stems from Redis’s default configuration, which imposes no limits…
-
Critical Langflow Flaw Enables Malicious Code Injection Technical Breakdown Released
by
in SecurityNews
Tags: ai, cve, cvss, cyber, endpoint, flaw, injection, malicious, open-source, remote-code-execution, risk, vulnerabilityA critical remote code execution (RCE) vulnerability, identified as CVE-2025-3248 with a CVSS score of 9.8, has been uncovered in Langflow, an open-source platform widely used for visually designing AI-driven agents and workflows. This flaw, residing in the platform’s /api/v1/validate/code endpoint, poses a significant risk to organizations leveraging Langflow in their AI development ecosystems. The…
-
SonicWall SSLVPN Flaw Allows Hackers to Crash Firewalls Remotely
by
in SecurityNewsSonicWall has issued an urgent advisory (SNWLID-2025-0009) warning of a high-severity vulnerability in its SSLVPN Virtual Office interface that enables unauthenticated attackers to remotely crash firewalls, causing widespread network disruptions. Tracked as CVE-2025-32818, this flaw carries a CVSS v3 score of 7.5 and affects dozens of firewall models across its Gen7 and TZ80 product lines. The…
-
Microsoft Offers $30,000 Bounties for AI Security Flaws
by
in SecurityNewsMicrosoft has launched a new bounty program that offers up to $30,000 to security researchers who discover vulnerabilities in its AI and machine learning (AI/ML) technologies. This initiative, announced by the Microsoft Security Response Center (MSRC), aims to encourage responsible disclosure of flaws that could pose serious risks to users and organizations relying on Microsoft’s…
-
CVE-2025-32433: Erlang/OTP SSH Unauthenticated Remote Code Execution Vulnerability
by
in SecurityNews
Tags: access, advisory, ai, attack, chatgpt, cve, data, exploit, firewall, flaw, germany, mitigation, remote-code-execution, update, vulnerabilityProof-of-concept code has been released after researchers disclosed a maximum severity remote code execution vulnerability in Erlang/OTP SSH. Successful exploitation could allow for complete takeover of affected devices. Background On April 16, Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk of the Ruhr University Bochum in Germany disclosed a critical vulnerability in Erlang/OTP SSH…
-
Critical AnythingLLM Vulnerability Exposes Systems to Remote Code Execution
by
in SecurityNews
Tags: ai, cve, cyber, cybersecurity, exploit, flaw, malicious, open-source, remote-code-execution, vulnerabilityA critical security flaw (CVE-2024-13059) in the open-source AI frameworkAnythingLLMhas raised alarms across cybersecurity communities. The vulnerability, discovered in February 2025, allows attackers with administrative privileges to execute malicious code remotely, potentially compromising entire systems. Detail Description CVE ID CVE-2024-13059 Severity Critical (CVSS 9.1) EPSS Score 0.04% (Low exploitation probability) Affected Versions AnythingLLM versions <…
-
U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: apple, cisa, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, ntlm, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple products and Microsoft Windows NTLM vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions of the flaws: This week Apple released out”‘of”‘band…