Tag: flaw
-
NCSC’s ‘Proactive Notifications’ warns orgs of flaws in exposed devices
The UK’s National Cyber Security Center (NCSC) announced the testing phase of a new service called Proactive Notifications, designed to inform organizations in the country of vulnerabilities present in their environment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ncscs-proactive-notifications-warns-orgs-of-flaws-in-exposed-devices/
-
Dangerous RCE Flaw in React, Next.js Threatens Cloud Environments, Apps
Security and developer teams are scrambling to address a highly critical security flaw in frameworks tied to the popular React JavaScript library. Not only is the vulnerability, which also is in the Next.js framework, easy to exploit, but React is widely used, including in 39% of cloud environments. First seen on securityboulevard.com Jump to article:…
-
Critical vulnerabilities found in React and Next.js
Researchers warn the flaws can be easily leveraged to achieve full remote code execution. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-vulnerabilities-found-in-react-and-nextjs/807016/
-
Microsoft quietly shuts down Windows shortcut flaw after years of espionage abuse
Silent Patch Tuesday mitigation ends ability to hide malicious commands in .lnk files First seen on theregister.com Jump to article: www.theregister.com/2025/12/04/microsoft_lnk_bug_fix/
-
Critical React, Next.js flaw lets hackers execute code on servers
A maximum severity vulnerability, dubbed ‘React2Shell’, in the React Server Components (RSC) ‘Flight’ protocol allows remote code execution without authentication in React and Next.js applications. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-react2shell-flaw-in-react-nextjs-lets-hackers-run-javascript-code/
-
WebXR Flaw Hits 4 Billion Chromium Users, Update Your Browser Now
Cybersecurity startup AISLE discovered a Medium severity flaw in the WebXR component of Chrome, Edge, and other Chromium browsers. Over 4 billion devices were at risk. Update now. First seen on hackread.com Jump to article: hackread.com/webxr-flaw-chromium-users-browser-update/
-
Vim for Windows Flaw Lets Attackers Execute Arbitrary Code
A high security vulnerability has been discovered in Vim for Windows that could allow attackers to run malicious code on affected systems. The flaw, tracked as CVE-2025-66476, affects Vim versions earlier than 9.1.1947 and received a high severity rating due to its serious implications for Windows users. Attribute Details CVE ID CVE-2025-66476 Product Vim for…
-
Vim for Windows Flaw Lets Attackers Execute Arbitrary Code
A high security vulnerability has been discovered in Vim for Windows that could allow attackers to run malicious code on affected systems. The flaw, tracked as CVE-2025-66476, affects Vim versions earlier than 9.1.1947 and received a high severity rating due to its serious implications for Windows users. Attribute Details CVE ID CVE-2025-66476 Product Vim for…
-
Akamai Fixes HTTP Request Smuggling Flaw in Edge Servers
Akamai has fixed a vulnerability in its edge servers that could have allowed HTTP Request Smuggling attacks. The issue was entirely resolved on November 17, 2025, and the company says no action is needed from customers. The flaw is now tracked as CVE-2025-66373. Field Detail CVE ID CVE-2025-66373 Vendor Akamai Component Akamai edge servers Vulnerability…
-
Akamai Fixes HTTP Request Smuggling Flaw in Edge Servers
Akamai has fixed a vulnerability in its edge servers that could have allowed HTTP Request Smuggling attacks. The issue was entirely resolved on November 17, 2025, and the company says no action is needed from customers. The flaw is now tracked as CVE-2025-66373. Field Detail CVE ID CVE-2025-66373 Vendor Akamai Component Akamai edge servers Vulnerability…
-
Vim for Windows Flaw Lets Attackers Execute Arbitrary Code
A high security vulnerability has been discovered in Vim for Windows that could allow attackers to run malicious code on affected systems. The flaw, tracked as CVE-2025-66476, affects Vim versions earlier than 9.1.1947 and received a high severity rating due to its serious implications for Windows users. Attribute Details CVE ID CVE-2025-66476 Product Vim for…
-
K7 Antivirus Flaw Lets Attackers Gain SYSTEM-Level Privileges
A critical security vulnerability has been discovered in K7 Ultimate Security antivirus software that allows attackers to gain the highest level of system access on Windows computers. The flaw, tracked asCVE-2024-36424, enables low-privileged users to escalate their permissions to SYSTEM level, giving them complete control over affected machines. How the Vulnerability Works K7 Ultimate Security…
-
K7 Antivirus Flaw Lets Attackers Gain SYSTEM-Level Privileges
A critical security vulnerability has been discovered in K7 Ultimate Security antivirus software that allows attackers to gain the highest level of system access on Windows computers. The flaw, tracked asCVE-2024-36424, enables low-privileged users to escalate their permissions to SYSTEM level, giving them complete control over affected machines. How the Vulnerability Works K7 Ultimate Security…
-
Mysterious Shutdown of Porsche Vehicles in Russia Sparks Fears Over Connected-Car Vulnerabilities
Hundreds of Porsche vehicles across Russia have abruptly stopped functioning, triggering concern over potential security flaws in modern connected-car technology. Reports circulating inside the country, by numerous frustrated posts on social media, describe Porsche models that suddenly refuse to start, leaving owners stranded and searching for answers. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/porsche-russia-vehicle-tracking-system-failure/
-
Microsoft Silently Fixes 8-Year Windows Security Flaw
The flaw, tracked as CVE-2025-9491, allowed cybercriminals to hide malicious commands from users inspecting files through Windows’ standard interface. The post Microsoft Silently Fixes 8-Year Windows Security Flaw appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-fixes-security-flaw/
-
Hackers Actively Exploit New Windows LNK 0-Day Vulnerability
A newly discovered security flaw in Windows shortcut files is being actively used by hackers to target diplomatic organisations. The vulnerability allows attackers to conceal malicious commands within shortcut files (.lnk), making them invisible to users. The Discovery and Initial Rejection The issue was first highlighted in March 2025 by researchers at Trend Micro. They…
-
Developers urged to immediately upgrade React, Next.js
create-next-app and built for production is vulnerable without any specific code modifications by the developer,” Wiz also warns.The problem in React’s server package, designated CVE-2025-55182, is a logical deserialization vulnerability allowing the server to processes RSC payloads in an unsafe way. When a server receives a specially crafted, malformed payload, say Wiz researchers, it fails to validate the…
-
RCE flaw in OpenAI’s Codex CLI highlights new risks to dev environments
Tags: access, ai, api, attack, automation, backdoor, cloud, exploit, flaw, google, malicious, open-source, openai, rce, remote-code-execution, risk, service, tool, vulnerabilityMultiple attack vectors: For this flaw to be exploited, the victim needs to clone the repository and run Codex on it and an attacker needs to have commit access to the repo or have their malicious pull request accepted.”Compromised templates, starter repos, or popular open-source projects can weaponize many downstream consumers with a single commit,”…
-
King Addons flaw lets anyone become WordPress admin
Hackers are exploiting a King Addons flaw (CVE-2025-8489) that lets anyone register and instantly gain admin privileges on WordPress sites. Hackers are exploiting a critical vulnerability, tracked as CVE-2025-8489 (CVSS score of 9.8), in the WordPress plugin King Addons for Elementor that allows unauthenticated users to create admin accounts via a registration privilege bug. King…
-
When ERP Systems Become the Attack Surface
Tags: attack, business, cyber, data-breach, flaw, oracle, skills, vulnerability, vulnerability-managementSkills Needed: Enterprise Architecture, Configuration and Vulnerability Management When a critical vulnerability surfaces in ERP systems such as the Oracle E-Business Suite flaw, attackers can go well beyond a single compromised server. The flaw exposed the need for cyber professionals who understand enterprise architecture, secure configuration and vulnerability interpretation. First seen on govinfosecurity.com Jump to…
-
CISA Warns of Severe Flaws in Nuclear Med Tracking Software
Mirion Medical Says Bugs Are Fixed in New Release of BioDose/NMIS Software. U.S. federal authorities are warning that several high-severity vulnerabilities discovered in Mirion Medical Co. inventory tracking software used by nuclear medicine departments could allow attackers to modify program executables and gain access to sensitive information. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cisa-warns-severe-flaws-in-nuclear-med-tracking-software-a-30189
-
Critical flaw in WordPress add-on for Elementor exploited in attacks
Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions during the registration process. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-flaw-in-wordpress-add-on-for-elementor-exploited-in-attacks/
-
Critical React Flaw Triggers Calls for Immediate Action
The vulnerability, which was assigned two CVEs with maximum CVSS scores of 10, may affect more than a third of cloud service providers. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/critical-react-flaw-triggers-immediate-action
-
Developers scramble as critical React flaw threatens major apps
The open-source code library is one of the most extensively used application frameworks. Wiz found vulnerable versions in around 39% of cloud environments. First seen on cyberscoop.com Jump to article: cyberscoop.com/react-server-vulnerability-critical-severity-security-update/
-
Undetected Firefox WebAssembly Flaw Put 180 Million Users at Risk
Cybersecurity startup Aisle discovered a subtle but dangerous coding error in a Firefox WebAssembly implementation sat undetected for six months despite being shipped with a regression testing capability created by Mozilla to find such a problem. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/undetected-firefox-webassembly-flaw-put-180-million-users-at-risk/
-
Undetected Firefox WebAssembly Flaw Put 180 Million Users at Risk
Cybersecurity startup Aisle discovered a subtle but dangerous coding error in a Firefox WebAssembly implementation sat undetected for six months despite being shipped with a regression testing capability created by Mozilla to find such a problem. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/undetected-firefox-webassembly-flaw-put-180-million-users-at-risk/
-
Stealth RCE in Codex Exposes Developer Workflows
A Codex CLI flaw lets attackers turn simple repo files into hidden execution triggers. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/stealth-rce-in-codex-exposes-developer-workflows/
-
Fortinet FortiWeb flaws found in unsupported versions of web application firewall
Security researchers raise new concerns after the company previously failed to issue prompt security guidance. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/fortinet-fortiweb-flaws-found-in-unsupported-versions-of-web-application-fi/806791/
-
Critical PickleScan Vulnerabilities Expose AI Model Supply Chains
3 critical zero-day flaws in PickleScan, affecting Python and PyTorch, allowed undetected attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/picklescan-flaws-expose-ai-supply/
-
nopCommerce Flaw Lets Attackers Access Accounts Using Captured Cookies
Security researchers have uncovered a serious vulnerability in nopCommerce, a popular open-source ecommerce platform used by major companies, including Microsoft, Volvo, and BMW. The flaw allows attackers to hijack user accounts by exploiting captured session cookies, even after legitimate users have logged out. Field Details CVE ID CVE-2025-11699 Vulnerability Title Insufficient Session Cookie Invalidation Platform…