Tag: flaw
-
Burp Suite Upgrades Scanner With Detection for Critical React2Shell Flaws
ActiveScan++, a widely used extension for the popular penetration testing tool Burp Suite, has released a significant upgrade. The scanner now includes specific detection capabilities for the critical “React2Shell”…
-
SAP Security Patch Day Fixes Critical Flaws in Solution Manager, NetWeaver More
SAP has released its December 2025 Security Patch Day updates, addressing 14 new security notes that fix multiple critical and high-severity vulnerabilities across key enterprise products. Administrators are strongly advised to review the latest security notes in the SAP Support Portal and apply the patches without delay to protect their SAP environments. The most serious…
-
Apache Tika Vulnerability Widens Across Multiple Modules, Severity Now 10.0
A security issue disclosed in the Apache Tika document-processing framework has proved broader and more serious than first believed. The project’s maintainers have issued a new advisory revealing that a flaw previously thought to be limited to a single PDF-processing component extends across several Tika modules, widening the scope of a vulnerability first publicized in mid-2025. First seen on…
-
Apache Issues Max-Severity Tika CVE After Patch Miss
The Apache Software Foundation’s earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/apache-max-severity-tika-cve-patch-miss
-
UK cyber agency warns LLMs will always be vulnerable to prompt injection
The comments echo many in the research community who have said the flaw is an inherent trait of generative AI technology. First seen on cyberscoop.com Jump to article: cyberscoop.com/uk-warns-ai-prompt-injection-unfixable-security-flaw/
-
New Splunk Windows Flaw Enables Privilege Escalation Attacks
Splunk for Windows has a high-severity flaw that lets local users escalate privileges through misconfigured file permissions. Learn how to fix it. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-splunk-windows-flaw-dec-2025/
-
Marquis Software Breach Affects Over 780,000 Nationwide
A data breach at Marquis Software Solutions due to a firewall flaw has affected over 780,000 people across the US. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/marquis-software-breach/
-
AWS: China-linked threat actors weaponized React2Shell hours after disclosure
Multiple China-linked threat actors began exploiting CVE-2025-55182, also known as the React2Shell flaw, within hours, according to AWS Security. The researchers confirmed that this vulnerability doesn’t affect AWS services; however, they opted to share threat intelligence data to…
-
‘Broadside’ Mirai Variant Targets Maritime Logistics Sector
‘Broadside’ is targeting a critical flaw in DVR systems to conduct command injection attacks, which can hijack devices to achieve persistence and move laterally. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/broadside-mirai-variant-maritime-logistics
-
Home Office kept police facial recognition flaws to itself, UK data watchdog fumes
Regulator disappointed as soon-to-be-scrapped algo’s problems remained a secret despite consistent engagement. First seen on theregister.com Jump to article: www.theregister.com/2025/12/08/ico_home_office_rfr/
-
CISA Adds Critical React2Shell Vulnerability to KEV Catalog After Active Exploitation
Tags: cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, remote-code-execution, vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity vulnerability affecting Meta’s React Server Components to its Known Exploited Vulnerabilities (KEV) catalog. Assigned the identifier CVE-2025-55182, the security flaw dubbed “React2Shell”…
-
WatchGuard Firebox Vulnerabilities Let Hackers Skip Integrity Validation and Plant Malicious Code
WatchGuard Technologies has disclosed critical security vulnerabilities affecting its Firebox firewall products that could allow attackers to bypass system integrity checks and execute malicious code. The company released patches on December 4, 2025, addressing six distinct vulnerabilities that pose significant risks to enterprise network security. Multiple WatchGuard Firebox Vulnerabilities One of the most concerning flaws…
-
Cloudflare Forces Widespread Outage to Mitigate Exploitation of Maximum Severity Vulnerability in React2Shell
A critical React2Shell (CVE-2025-55182) RCE flaw in React and Next.js is being actively exploited by China-nexus threat groups, prompting urgent patching and global mitigations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/cloudflare-forces-widespread-outage-to-mitigate-exploitation-of-maximum-severity-vulnerability-in-react2shell/
-
Barts Health seeks High Court block after Clop pillages NHS trust data
Body confirms patient and staff details siphoned via Oracle EBS flaw as gang threatens to leak haul. First seen on theregister.com Jump to article: www.theregister.com/2025/12/08/barts_health_clop_block/
-
U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog
Tags: authentication, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, remote-code-execution, vulnerability
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Meta React Server Components flaw, tracked as CVE-2025-55182 (CVSS Score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a pre-authentication remote code execution…
-
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence. The remote code execution vulnerability in question is CVE-2025-6389 (CVSS score: 9.8), which affects all versions of the plugin prior to and including 8.3. It has been patched in version 8.4, released on August…

