Tag: flaw
-
U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: In mid-October,…
-
When Attacks Come Faster Than Patches: Why 2026 Will be the Year of Machine-Speed Security
The Race for Every New CVEBased on multiple 2025 industry reports: roughly 50 to 61 percent of newly disclosed vulnerabilities saw exploit code weaponized within 48 hours. Using the CISA Known Exploited Vulnerabilities Catalog as a reference, hundreds of software flaws are now confirmed as actively targeted within days of public disclosure. Each new announcement…
-
CISA warns of WatchGuard firewall flaw exploited in attacks
CISA has ordered federal agencies to patch an actively exploited vulnerability in WatchGuard Firebox firewalls, which allows attackers to gain remote code execution on compromised devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-watchguard-firewall-flaw-exploited-in-attacks/
-
CISA warns of WatchGuard firewall flaw exploited in attacks
CISA has ordered federal agencies to patch an actively exploited vulnerability in WatchGuard Firebox firewalls, which allows attackers to gain remote code execution on compromised devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-watchguard-firewall-flaw-exploited-in-attacks/
-
Amazon alerts: advanced threat actor exploits Cisco ISE Citrix NetScaler zero-days
Amazon warns that an advanced threat actor exploited zero-days in Cisco ISE and Citrix NetScaler to deploy custom malware. Amazon’s threat intelligence researchers spotted an advanced threat actor exploiting two previously undisclosed zero-day flaws in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC to deliver custom malware. Attackers also exploited multiple undisclosed vulnerabilities. Amazon’s…
-
CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerability in question is CVE-2025-9242 (CVSS score: 9.3), an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including First seen on thehackernews.com…
-
Critical Dell Data Lakehouse Flaw Allows Remote Attackers to Escalate Privileges
Dell Technologies has disclosed a critical security vulnerability affecting its Data Lakehouse platform that could allow attackers with high-level privileges to escalate their access and compromise system integrity. The flaw, tracked as CVE-2025-46608, carries a maximum CVSS severity score of 9.1, indicating an exceptionally high risk to affected environments. CVE ID Product Affected Versions Remediated…
-
CISA Warns of Active Exploitation of WatchGuard Firebox OutBounds Write Flaw
Tags: cisa, cve, cyber, cybersecurity, exploit, firewall, flaw, infrastructure, kev, network, risk, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting WatchGuard Firebox firewalls to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as CVE-2025-9242, poses severe risks to organizations relying on these devices for network security. The Vulnerability WatchGuard Firebox firewalls contain an out-of-bounds write…
-
Citrix NetScaler ADC and Gateway Flaw Allows Cross-Site Scripting (XSS) Attacks
Cloud Software Group has disclosed a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway platforms. The flaw, tracked as CVE-2025-12101, poses a moderate security risk to organizations relying on these network appliances for authentication and secure access services. Field Value CVE ID CVE-2025-12101 Vulnerability Type Cross-Site Scripting (XSS) CWE Classification CWE-79: Improper Neutralization…
-
Citrix NetScaler ADC and Gateway Flaw Allows Cross-Site Scripting (XSS) Attacks
Cloud Software Group has disclosed a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway platforms. The flaw, tracked as CVE-2025-12101, poses a moderate security risk to organizations relying on these network appliances for authentication and secure access services. Field Value CVE ID CVE-2025-12101 Vulnerability Type Cross-Site Scripting (XSS) CWE Classification CWE-79: Improper Neutralization…
-
Mindgard Finds Sora 2 Vulnerability Leaking Hidden System Prompt via Audio
AI security firm Mindgard discovered a flaw in OpenAI’s Sora 2 model, forcing the video generator to leak… First seen on hackread.com Jump to article: hackread.com/mindgard-sora-2-vulnerability-prompt-via-audio/
-
Microsoft users warned over privilege elevation flaw
An elevation of privilege vulnerability in Windows Kernel tops the list of issues to address in the latest monthly Patch Tuesday update. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366634166/Microsoft-users-warned-over-privilege-elevation-flaw
-
SAP fixed a maximum severity flaw in SQL Anywhere Monitor
SAP fixed 19 security issues, including a critical flaw in SQL Anywhere Monitor with hardcoded credentials that could enable remote code execution. SAP addressed 19 security vulnerabilities, including a critical flaw in SQL Anywhere Monitor, with the release of November 2025 notes. The vulnerability, tracked as CVE-2025-42890 (CVSS score of 10/10), is an insecure key…
-
BeeStation RCE Zero-Day Puts Synology Devices at High Risk
A critical BeeStation OS flaw lets attackers run remote code on unpatched Synology devices. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/beestation-rce-zero-day-puts-synology-devices-at-high-risk/
-
Critical Zoom Vulnerability Exposes Windows Users to Attacks
A new Zoom Workplace flaw (CVE-2025-64740) lets attackers escalate privileges on Windows. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/critical-zoom-vulnerability-exposes-windows-users-to-attacks/
-
Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws
Today is Microsoft’s November 2025 Patch Tuesday, which includes security updates for 63 flaws, including one actively exploited zero-day vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-november-2025-patch-tuesday-fixes-1-zero-day-63-flaws/
-
Critical Zoom Vulnerability Exposes Windows Users to Attacks
A new Zoom Workplace flaw (CVE-2025-64740) lets attackers escalate privileges on Windows. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/critical-zoom-vulnerability-exposes-windows-users-to-attacks/
-
Monsta FTP Remote Code Execution Vulnerability (CVE-2025-34299)
Critical flaw in Monsta FTP (CVE-2025-34299) allows remote code execution without authentication, putting thousands of servers at risk. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/monsta-ftp-remote-code-execution-vulnerability-cve-2025-34299/
-
Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042)
CISA has added CVE-2025-21042, a vulnerability affecting Samsung mobile devices, to its Known Exploited Vulnerabilities (KEV) catalog, and has ordered US federal civilian … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/11/samsung-spyware-cve-2025-21042/
-
SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor
SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code injection issue in the Solution Manager platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sap-fixes-hardcoded-credentials-flaw-in-sql-anywhere-monitor/
-
Zoom Workplace for Windows Flaw Allows Local Privilege Escalation
A security vulnerability has been discovered in Zoom Workplace’s VDI Client for Windows that could allow attackers to escalate their privileges on affected systems. The flaw, tracked as CVE-2025-64740 and assigned bulletin ZSB-25042, has been rated as High severity with a CVSS score of 7.5. Attribute Details CVE ID CVE-2025-64740 Bulletin ID ZSB-25042 Product Zoom Workplace VDI…
-
Zoom Workplace for Windows Flaw Allows Local Privilege Escalation
A security vulnerability has been discovered in Zoom Workplace’s VDI Client for Windows that could allow attackers to escalate their privileges on affected systems. The flaw, tracked as CVE-2025-64740 and assigned bulletin ZSB-25042, has been rated as High severity with a CVSS score of 7.5. Attribute Details CVE ID CVE-2025-64740 Bulletin ID ZSB-25042 Product Zoom Workplace VDI…
-
WinRAR Vulnerability Exploited by APT08 to Target Government Agencies
The notorious APT-C-08 hacking group, also known as BITTER, has been observed weaponizing a critical WinRAR directory traversal vulnerability (CVE-2025-6218) to launch sophisticated attacks against government organizations across South Asia. This development marks a concerning evolution in the threat actor’s capabilities, as the group leverages this easily exploitable flaw to infiltrate sensitive systems and steal classified…
-
WinRAR Vulnerability Exploited by APT08 to Target Government Agencies
The notorious APT-C-08 hacking group, also known as BITTER, has been observed weaponizing a critical WinRAR directory traversal vulnerability (CVE-2025-6218) to launch sophisticated attacks against government organizations across South Asia. This development marks a concerning evolution in the threat actor’s capabilities, as the group leverages this easily exploitable flaw to infiltrate sensitive systems and steal classified…
-
SAP Releases Security Update to Fix Critical Code Execution and Injection Flaws
SAP has released a significant security update addressing 18 new vulnerabilities across its enterprise software portfolio, including several critical flaws related to code execution and data injection. This monthly security patch day features four high-severity vulnerabilities that require immediate attention from organizations utilizing SAP infrastructure. The most severe vulnerabilities have a CVSS score of 10.0,…
-
Hackers Exploit Critical Flaw in Gladinet’s Triofox File Sharing Product
Threat actors were exploiting vulnerable versions of Triofox after a patched version was released, said Google Cloud researchers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hackers-exploit-critical-flaw/
-
Hackers Exploit Critical Flaw in Gladinet’s Triofox File Sharing Product
Threat actors were exploiting vulnerable versions of Triofox after a patched version was released, said Google Cloud researchers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hackers-exploit-critical-flaw/