Tag: flaw
-
Chromium flaw crashes Chrome, Edge, Atlas: Researcher publishes exploit after Google’s silence
Beyond desktop crashes: enterprise automation at risk: While crashed browsers disrupt individual users, the vulnerability poses greater risks to enterprise automation. Organizations running headless Chromium browsers for AI agents, trading systems, or operational monitoring face potential workflow paralysis, the document stated.Pino’s documentation outlined several enterprise attack scenarios. AI agents querying compromised websites could crash mid-analysis,…
-
Hospital System Flaws Could Leak Patient Data, CISA Says
Agency Warns Vertikal Systems Vulnerabilities Could Help Hackers Access Data. U.S. federal authorities are warning about vulnerabilities in hospital information management systems from Romanian firm Vertikal Systems that could allow hackers to obtain and disclose patient data. The affected systems are used mostly by smaller hospitals and clinics outside the United States. First seen on…
-
Hospital System Flaws Could Leak Patient Data, CISA Says
Agency Warns Vertikal Systems Vulnerabilities Could Help Hackers Access Data. U.S. federal authorities are warning about vulnerabilities in hospital information management systems from Romanian firm Vertikal Systems that could allow hackers to obtain and disclose patient data. The affected systems are used mostly by smaller hospitals and clinics outside the United States. First seen on…
-
When Windows Helpers Turn Hostile: DLL Hijacks Return
A Windows flaw in the Narrator tool enables DLL hijacks and persistence. Learn how attackers exploit it and how to harden systems. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/windows-helper-dll-hijack/
-
Critical Blink Vulnerability Lets Attackers Crash Chromium Browsers in Seconds
Security researchers have discovered a critical architectural flaw in the Blink rendering engine that powers Chromium-based browsers, exposing over 3 billion users to denial-of-service attacks. The vulnerability, calledBrash, allows malicious actors to completely crash Chrome, Edge, Brave, Opera, and other Chromium browsers within 15 to 60 seconds through a simple code injection. The attack exploits…
-
Critical Blink Vulnerability Lets Attackers Crash Chromium Browsers in Seconds
Security researchers have discovered a critical architectural flaw in the Blink rendering engine that powers Chromium-based browsers, exposing over 3 billion users to denial-of-service attacks. The vulnerability, calledBrash, allows malicious actors to completely crash Chrome, Edge, Brave, Opera, and other Chromium browsers within 15 to 60 seconds through a simple code injection. The attack exploits…
-
Jenkins Flaws Expose SAML Authentication Bypass and MCP Server Plugin Weaknesses
Tags: advisory, authentication, automation, credentials, cyber, flaw, infrastructure, threat, vulnerabilityJenkins automation server users face critical security threats following the disclosure of 14 distinct vulnerabilities spanning multiple plugins. The security advisory reveals a widespread pattern of authentication bypass mechanisms, missing permission enforcement, and credential exposure issues that collectively put enterprise CI/CD infrastructure at serious risk. SAML Authentication Bypass Threatens User Sessions The most critical flaw…
-
Jenkins Flaws Expose SAML Authentication Bypass and MCP Server Plugin Weaknesses
Tags: advisory, authentication, automation, credentials, cyber, flaw, infrastructure, threat, vulnerabilityJenkins automation server users face critical security threats following the disclosure of 14 distinct vulnerabilities spanning multiple plugins. The security advisory reveals a widespread pattern of authentication bypass mechanisms, missing permission enforcement, and credential exposure issues that collectively put enterprise CI/CD infrastructure at serious risk. SAML Authentication Bypass Threatens User Sessions The most critical flaw…
-
Privilege Escalation Exploit Targets Windows Cloud Files Minifilter
Microsoft addressed a critical race condition vulnerability affecting its Windows Cloud Files Minifilter driver in October 2025. The flaw, assigned CVE-2025-55680, was originally discovered in March 2024 and represents a significant security concern for systems utilising OneDrive and similar cloud synchronisation services. Attribute Details CVE Identifier CVE-2025-55680 Vulnerability Type Race Condition (TOCTOU) Affected Component cldflt.sys…
-
Privilege Escalation Exploit Targets Windows Cloud Files Minifilter
Microsoft addressed a critical race condition vulnerability affecting its Windows Cloud Files Minifilter driver in October 2025. The flaw, assigned CVE-2025-55680, was originally discovered in March 2024 and represents a significant security concern for systems utilising OneDrive and similar cloud synchronisation services. Attribute Details CVE Identifier CVE-2025-55680 Vulnerability Type Race Condition (TOCTOU) Affected Component cldflt.sys…
-
ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising
The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering.This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s First…
-
SessionReaper Comes Calling: Magento Exploit Haunts Halloween
A critical Magento flaw, SessionReaper (CVE-2025-54236), is exploited in the wild. Learn how to patch and protect your e-commerce systems. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/magento-exploit-sessionreaper/
-
Ubuntu Kernel Flaw Opens the Door to Privilege Escalation
A new Ubuntu kernel flaw lets local attackers gain root access through patch inconsistencies. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/ubuntu-kernel-flaw-opens-the-door-to-privilege-escalation/
-
Hackers Hijack Corporate XWiki Servers for Crypto Mining
Hackers exploit critical XWiki flaw CVE-2025-24893 to hijack corporate servers for cryptomining, with active attacks confirmed by VulnCheck researchers. First seen on hackread.com Jump to article: hackread.com/hackers-hijack-xwiki-servers-crypto-mining/
-
Hackers Hijack Corporate XWiki Servers for Crypto Mining
Hackers exploit critical XWiki flaw CVE-2025-24893 to hijack corporate servers for cryptomining, with active attacks confirmed by VulnCheck researchers. First seen on hackread.com Jump to article: hackread.com/hackers-hijack-xwiki-servers-crypto-mining/
-
Hackers Hijack Corporate XWiki Servers for Crypto Mining
Hackers exploit critical XWiki flaw CVE-2025-24893 to hijack corporate servers for cryptomining, with active attacks confirmed by VulnCheck researchers. First seen on hackread.com Jump to article: hackread.com/hackers-hijack-xwiki-servers-crypto-mining/
-
Botnets Step Up Cloud Attacks Via Flaws, Misconfigurations
Infamous botnets like Mirai are exploiting Web-exposed assets such as PHP servers, IoT devices, and cloud gateways to gain control over systems and build strength. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/botnets-cloud-attacks-flaws-misconfigurations
-
API Attack Awareness: Business Logic Abuse, Exploiting the Rules of the Game
As Cybersecurity Awareness Month continues, we wanted to dive even deeper into the attack methods affecting APIs. We’ve already reviewed Broken Object Level Authentication (BOLA), injection attacks, and authentication flaws; this week, we’re exploring business logic abuse (BLA). Unlike technical flaws, business logic flaws exploit how an API is designed to behave. They are difficult…
-
API Attack Awareness: Business Logic Abuse, Exploiting the Rules of the Game
As Cybersecurity Awareness Month continues, we wanted to dive even deeper into the attack methods affecting APIs. We’ve already reviewed Broken Object Level Authentication (BOLA), injection attacks, and authentication flaws; this week, we’re exploring business logic abuse (BLA). Unlike technical flaws, business logic flaws exploit how an API is designed to behave. They are difficult…
-
Google Wear OS Flaw Lets Any App Send Texts on Behalf of Users
A critical vulnerability discovered in Google Messages for Wear OS has exposed millions of smartwatch users to a significant security risk. Identified as CVE-2025-12080, the flaw allows any installed application to send text messages on behalf of the user without requiring permissions, confirmation, or user interaction. Security researcher Gabriele Digregorio discovered the vulnerability in March…
-
PHP Servers and IoT Devices Face Growing Cyber-Attack Risks
A rise in attacks on PHP servers, IoT devices and cloud gateways is linked to botnets exploiting flaws, according to new research published by Qualys First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/php-servers-and-iot-devices-cyber/
-
PHP Servers and IoT Devices Face Growing Cyber-Attack Risks
A rise in attacks on PHP servers, IoT devices and cloud gateways is linked to botnets exploiting flaws, according to new research published by Qualys First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/php-servers-and-iot-devices-cyber/
-
Apache Tomcat Path Traversal Vulnerability (CVE-2025-55752) Notice
Overview Recently, NSFOCUS CERT detected that Apache issued a security bulletin to fix the Apache Tomcat path traversal vulnerability (CVE-2025-55752); This vulnerability is a flaw introduced when fixing CVE-2016-5388. Since the rewritten URL is normalized before URL decoding, if the system is configured with rewrite rules to rewrite query parameters into the URL, an authenticated…The…
-
Docker Compose Flaw Lets Attackers Overwrite Arbitrary Files
A path traversal vulnerability discovered in Docker Compose allows attackers to write arbitrary files to host systems through specially crafted OCI artifacts. Tracked as CVE-2025-62725, the flaw was discovered in early October 2025 and carries a high severity rating of 8.9 CVSS. CVE ID CVE-2025-62725 Component Docker Compose OCI Artifacts Vulnerability Type Path Traversal /…
-
Apache Tomcat Path Traversal Vulnerability (CVE-2025-55752) Notice
Overview Recently, NSFOCUS CERT detected that Apache issued a security bulletin to fix the Apache Tomcat path traversal vulnerability (CVE-2025-55752); This vulnerability is a flaw introduced when fixing CVE-2016-5388. Since the rewritten URL is normalized before URL decoding, if the system is configured with rewrite rules to rewrite query parameters into the URL, an authenticated…The…
-
CISA Issues Alert on Active Exploitation of Dassault Systèmes Security Flaws
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, mitigation, risk, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding two severe vulnerabilities discovered in Dassault Systèmes DELMIA Apriso, a widely used manufacturing execution system. The agency has added these flaws to its official list of vulnerabilities that pose immediate risks to organisations and require urgent mitigation action. CVE ID Product…
-
CISA Issues Alert on Active Exploitation of Dassault Systèmes Security Flaws
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, mitigation, risk, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding two severe vulnerabilities discovered in Dassault Systèmes DELMIA Apriso, a widely used manufacturing execution system. The agency has added these flaws to its official list of vulnerabilities that pose immediate risks to organisations and require urgent mitigation action. CVE ID Product…
-
U.S. CISA adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog
Tags: apple, cisa, cybersecurity, exploit, flaw, infrastructure, kev, oracle, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities (KEV) catalog. Dassault Systèmes DELMIA Apriso is a Manufacturing Operations Management (MOM) and Manufacturing Execution System (MES) platform.…
-
Active Exploits Hit Dassault and XWiki, CISA Confirms Critical Flaws Under Attack
Tags: attack, cisa, cve, cybersecurity, exploit, flaw, infrastructure, injection, threat, vulnerabilityThreat actors are actively exploiting multiple security flaws impacting Dassault Systèmes DELMIA Apriso and XWiki, according to alerts issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and VulnCheck.The vulnerabilities are listed below -CVE-2025-6204 (CVSS score: 8.0) – A code injection vulnerability in Dassault Systèmes DELMIA Apriso that could allow an attacker to First…
-
XWiki Remote Code Execution Flaw Actively Weaponized for Coinmining
Tags: crypto, cve, cyber, cybersecurity, exploit, flaw, malware, remote-code-execution, software, threat, vulnerabilityA critical security vulnerability in XWiki collaboration software is being actively exploited by threat actors to deploy cryptocurrency mining malware on vulnerable systems. The flaw, tracked as CVE-2025-24893, represents a serious threat to organizations running unpatched XWiki installations. Cybersecurity researchers at VulnCheck have captured concrete evidence of active exploitation through their canary network. CVE Details…