Tag: flaw
-
Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework
Tags: access, advisory, ai, android, apple, attack, banking, breach, browser, chrome, cisa, ciso, cloud, compliance, control, credentials, credit-card, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, detection, endpoint, extortion, finance, firewall, firmware, flaw, framework, google, governance, government, group, guide, Hardware, ibm, identity, infection, infrastructure, international, Internet, law, linux, malicious, malware, microsoft, mobile, monitoring, network, open-source, oracle, password, phishing, radius, ransomware, rat, resilience, risk, risk-assessment, risk-management, russia, scam, service, software, switch, technology, threat, tool, update, vulnerability, windowsCyber agencies call on ISPs to help combat “bulletproof” internet hosts that shield cybercriminals. Meanwhile, the CSA introduced a new methodology to assess the risks of autonomous AI. Plus, get the latest on the CIS Benchmarks, drone-detection systems, and malware infections. Key takeaways Crackdown on “bulletproof” hosting: International cyber agencies are urging ISPs and network…
-
CERT-In Warns of Critical Asus Router Flaw Exposing Millions in India
According to the Indian Computer Emergency Response Team (CERT-In), thousands of households, small offices, and service providers across the country may already be at risk due to a newly uncovered authentication bypass flaw tracked as CVE-2025-59367. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cert-in-warning-asus-router-cve-2025-59367/
-
SolarWinds addressed three critical flaws in Serv-U
SolarWinds patched three critical vulnerabilities in its Serv-U file transfer solution that could allow remote code execution. SolarWinds addressed three critical vulnerabilities in its Serv-U file transfer solution that could allow remote code execution. The first vulnerability, tracked as CVE-2025-40549 (CVSS score 9.1), is a path restriction bypass issue that impacts Serv-U. An attacker with…
-
Grafana SCIM Flaw Allows Admin Impersonation and Full Takeover
A severe SCIM vulnerability in Grafana allows for user and admin impersonation. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/grafana-scim-flaw-allows-admin-impersonation-and-full-takeover/
-
Critical Grafana Flaw Lets Attackers Escalate Privileges
Grafana Labs has released critical security patches addressing a severe vulnerability in its SCIM provisioning feature that could allow attackers to escalate privileges or impersonate users. The flaw, tracked as CVE-2025-41115 with a CVSS score of 10.0 (Critical), affects Grafana Enterprise versions 12.0.0 through 12.2.1 under specific configurations. Organizations using affected versions should update immediately…
-
Critical Grafana Flaw Lets Attackers Escalate Privileges
Grafana Labs has released critical security patches addressing a severe vulnerability in its SCIM provisioning feature that could allow attackers to escalate privileges or impersonate users. The flaw, tracked as CVE-2025-41115 with a CVSS score of 10.0 (Critical), affects Grafana Enterprise versions 12.0.0 through 12.2.1 under specific configurations. Organizations using affected versions should update immediately…
-
Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations.The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain Identity Management (SCIM) component that allows automated user provisioning and management. First First seen on…
-
Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations.The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain Identity Management (SCIM) component that allows automated user provisioning and management. First First seen on…
-
Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations.The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain Identity Management (SCIM) component that allows automated user provisioning and management. First First seen on…
-
Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations.The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain Identity Management (SCIM) component that allows automated user provisioning and management. First First seen on…
-
NHS Warns of PoC Exploit for 7-Zip Symbolic LinkBased RCE Vulnerability
Update: The NHS England Digital, in an updated advisory on November 20, 2025, said it has not observed in-the-wild exploitation of CVE-2025-11001, but noted that it’s “aware of a public proof-of-concept exploit.” It has since removed what it said were “erroneous references” to active exploitation.The original story follows below -A recently disclosed security flaw impacting…
-
Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework
Tags: access, advisory, ai, android, apple, attack, banking, breach, browser, chrome, cisa, ciso, cloud, compliance, control, credentials, credit-card, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, detection, endpoint, extortion, finance, firewall, firmware, flaw, framework, google, governance, government, group, guide, Hardware, ibm, identity, infection, infrastructure, international, Internet, law, linux, malicious, malware, microsoft, mobile, monitoring, network, open-source, oracle, password, phishing, radius, ransomware, rat, resilience, risk, risk-assessment, risk-management, russia, scam, service, software, switch, technology, threat, tool, update, vulnerability, windowsCyber agencies call on ISPs to help combat “bulletproof” internet hosts that shield cybercriminals. Meanwhile, the CSA introduced a new methodology to assess the risks of autonomous AI. Plus, get the latest on the CIS Benchmarks, drone-detection systems, and malware infections. Key takeaways Crackdown on “bulletproof” hosting: International cyber agencies are urging ISPs and network…
-
Researchers devised a new enumeration technique that exposed 3.5B WhatsApp profiles
Researchers disclosed a WhatsApp flaw that exposed 3.5B accounts. Meta has patched it to prevent this mass enumeration. A team of researchers at the University of Vienna found a WhatsApp flaw that could scrape 3.5 billion accounts. Meta has since patched the vulnerability to block this enumeration technique. Users discover contacts by querying WhatsApp servers…
-
CVE-2025-50165: Critical Flaw in Windows Graphics Component
IntroductionIn May 2025, Zscaler ThreatLabz discovered CVE-2025-50165, a critical remote code execution (RCE) vulnerability with a CVSS score of 9.8 that impacts the Windows Graphics Component. The vulnerability lies within windowscodecs.dll, and any application that uses this library as a dependency is vulnerable to compromise, such as a Microsoft Office document. For example, attackers can exploit the…
-
Breach Roundup: Cloudflare Outage Root Cause
Also: Fortinet Flaws, Aisuru Botnet and Dutch Police Seize Bulletproof Host Servers. This week, the root cause of the Cloudflare outage, active exploitation of Fortinet flaws, Logitech disclosed a data breach, Microsoft headed off a record-breaking botnet attack, Dutch police seized bulletproof hosting servers and Princeton University disclosed a data breach after a phishing attack.…
-
CISA Alerts Users to Active Attacks on Chrome 0-Day Vulnerability
Tags: attack, browser, chrome, cisa, cve, cyber, cybersecurity, exploit, flaw, google, infrastructure, kev, threat, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as CVE-2025-13223, resides in Google Chromium’s V8 JavaScript engine and poses an immediate threat to millions of users worldwide. Understanding the Vulnerability CVE-2025-13223…
-
CISA Alerts Users to Active Attacks on Chrome 0-Day Vulnerability
Tags: attack, browser, chrome, cisa, cve, cyber, cybersecurity, exploit, flaw, google, infrastructure, kev, threat, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as CVE-2025-13223, resides in Google Chromium’s V8 JavaScript engine and poses an immediate threat to millions of users worldwide. Understanding the Vulnerability CVE-2025-13223…
-
Milvus Proxy Flaw Lets Attackers Forge Headers and Skip Authorization
A critical authentication bypass vulnerability in the Milvus vector database could allow attackers to gain administrative access without credentials. The flaw exists in how the Milvus Proxy component handles HTTP headers, treating user-controlled data as trusted internal credentials. Critical Security Risk in Vector Database Milvus, an open-source vector database widely used for generative AI applications,…
-
WhatsApp Flaw Enables Massive Scraping of 3.5 Billion User Accounts
Tags: flawA WhatsApp flaw allowed researchers to scrape 3.5 billion accounts, showing how simple app features can create serious security risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/whatsapp-flaw-enables-massive-scraping-of-3-5-billion-user-accounts/
-
ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet
Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet.The activity, codenamed ShadowRay 2.0, is an evolution of a prior wave that was observed between September 2023 and March 2024. The attack,…
-
Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation
The medium severity vulnerability can be chained together with a critical flaw in the same product, which could help attackers gain additional capabilities. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/command-injection-flaw-fortinet-fortiweb-exploitation/806027/
-
New SonicWall SonicOS flaw allows hackers to crash firewalls
American cybersecurity company SonicWall urged customers today to patch a high-severity SonicOS SSLVPN security flaw that can allow attackers to crash vulnerable firewalls. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-sonicwall-sonicos-flaw-allows-hackers-to-crash-firewalls/
-
D-Link warns of new RCE flaws in end-of-life DIR-878 routers
D-Link is warning of three remotely exploitable command execution vulnerabilities that affect all models and hardware revisions of its DIR-878 router, which has reached end-of-service but is still available in several markets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/d-link-warns-of-new-rce-flaws-in-end-of-life-dir-878-routers/
-
Critical 7-Zip Vulnerability CVE-2025-11001 Prompts NHS Cyber Alert
A newly discovered security flaw, identified as CVE-2025-11001, is targeting users across both public and private sectors. The vulnerability, affecting all versions of 7-Zip before 25.00, allows attackers to execute malicious code remotely, potentially compromising critical systems. NHS Digital issued a cyber alert urging organizations and users to take immediate action. First seen on thecyberexpress.com…
-
Critical 7-Zip Vulnerability CVE-2025-11001 Prompts NHS Cyber Alert
A newly discovered security flaw, identified as CVE-2025-11001, is targeting users across both public and private sectors. The vulnerability, affecting all versions of 7-Zip before 25.00, allows attackers to execute malicious code remotely, potentially compromising critical systems. NHS Digital issued a cyber alert urging organizations and users to take immediate action. First seen on thecyberexpress.com…
-
ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves
This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we’ve seen arrests, spies at work, and big power moves online. Hackers are getting caught. Spies are getting better at their jobs. Even simple things like browser add-ons and smart home gadgets are being used…
-
Comet Browser Flaw Lets Hidden API Run Commands on Users’ Devices
SquareX warns Perplexity’s Comet AI browser contains a hidden MCP API that bypasses security, allowing attackers to install malware and seize full device control. First seen on hackread.com Jump to article: hackread.com/comet-browser-flaw-hidden-api-commands-devices/
-
Critical Twonky Server Flaws Let Hackers Bypass Login Protection
Tags: api, authentication, control, credentials, cyber, encryption, endpoint, flaw, hacker, leak, login, password, vulnerabilityTwonky Server version 8.5.2 contains two critical authentication bypass vulnerabilities that allow unauthenticated attackers to steal administrator credentials and take complete control of the media server. Security researchers at Rapid7 discovered that an attacker can leak encrypted admin passwords through an unprotected API endpoint, then decrypt them using hardcoded encryption keys embedded directly in the…
-
Ollama Flaws Let Hackers Run Any Code Using Malicious Model Files
Critical security vulnerabilities discovered in Ollama, one of GitHub’s most popular open-source projects with over 155,000 stars, could allow attackers to execute arbitrary code on vulnerable systems. The flaws affect Ollama versions before 0.7.0, putting countless AI enthusiasts and developers who use the platform to run large language models locally at risk. Understanding the Vulnerability…
-
7-Zip RCE Vulnerability Actively Exploited by Hackers
Tags: cve, cvss, cyber, cybersecurity, exploit, flaw, hacker, malicious, rce, remote-code-execution, risk, software, vulnerabilityCybersecurity researchers have reported active exploitation of a critical vulnerability in 7-Zip, the popular file compression software used by millions worldwide. The flaw, tracked as CVE-2025-11001, poses serious risks as attackers are leveraging it to execute malicious code remotely on vulnerable systems. Vulnerability Details CVE ID Vulnerability Type CVSS Score Affected Product CVE-2025-11001 File Parsing…