Tag: vulnerability
-
Ransomware gangs join ongoing SAP NetWeaver attacks
by
in SecurityNewsRansomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ransomware-gangs-join-ongoing-sap-netweaver-attacks/
-
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit
by
in SecurityNewsSamsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild.The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw.”Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052…
-
Enisa launches European vulnerability database
by
in SecurityNewsThe EU’s new vulnerability database is designed to offer a broader, more transparent source of information on new cyber vulnerabilities First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366623995/Enisa-launches-European-vulnerability-database
-
As US CVE Database Fumbles, EU ‘Replacement’ Goes Live
by
in SecurityNewsDiesen Kuß der ganzen Welt! European Union Vulnerability Database (EUVD) launches this week. And not a moment too soon. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/euvd-launch-cve-richixbw/
-
New Adobe Photoshop Vulnerability Enables Arbitrary Code Execution
by
in SecurityNewsAdobe has released critical security updates addressing three high-severity vulnerabilities (CVE-2025-30324, CVE-2025-30325, CVE-2025-30326) in Photoshop 2024 and 2025 that could enable arbitrary code execution on Windows and macOS systems. The flaws, discovered by external researcher yjdfy through Adobe’s HackerOne bug bounty program, involve memory corruption risks stemming from integer manipulation and uninitialized pointer access. While…
-
Severe Adobe Illustrator Flaw Allows Remote Code Execution
by
in SecurityNewsAdobe has issued an urgent security update for its widely used graphic design software, Adobe Illustrator, following the discovery of a critical heap-based buffer overflow vulnerability tracked as CVE-2025-30330. This flaw, which allows arbitrary code execution on affected systems, impacts both Windows and macOS versions of Illustrator 2024 and 2025. Rated with a CVSS score…
-
‘Admin’ and ‘123456’ Still Among Most Used Passwords in FTP Attacks
by
in SecurityNewsWeak passwords continue to be a major vulnerability for FTP servers. Specops’ latest report highlights the most frequent… First seen on hackread.com Jump to article: hackread.com/admin-123456-most-used-passwords-ftp-attacks/
-
Critical Vulnerability in Windows Remote Desktop Gateway Allows DenialService Attacks
by
in SecurityNewsMicrosoft has disclosed two critical vulnerabilities in its Remote Desktop Gateway (RDG) service, posing significant risks to organizational networks. CVE-2025-26677 and CVE-2025-29831, both rated Important by Microsoft, enable denial-of-service (DoS) attacks and remote code execution (RCE), respectively. These flaws, patched in Microsoft’s May 2025 security update, underscore persistent challenges in securing remote access infrastructure. Security…
-
Critical Microsoft Outlook Flaw Enables Remote Execution of Arbitrary Code
by
in SecurityNewsNewly disclosed vulnerability in Microsoft Outlook (CVE-2025-32705) permits attackers to execute arbitrary code on compromised systems through a memory corruption flaw. Rated 7.8 (CVSS v3.1) and classified as Important by Microsoft, this out-of-bounds read vulnerability (CWE-125) exposes email clients to localized attacks requiring minimal user interaction. With over 400 million enterprise users relying on Outlook…
-
Neue EU-Schwachstellen-Datenbank geht an den Start
by
in SecurityNews
Tags: bug, cve, cvss, cybersecurity, cyersecurity, governance, government, infrastructure, mitre, nis-2, risk, sap, software, technology, tool, vulnerabilityDie neue EU-Schwachstellen-Datenbank EUVD soll das CVE-Programm ergänzen.Seit dieser Woche verfügt die Technologiebranche über eine neue Datenbank, um die neuesten Sicherheitslücken in Software zu überprüfen: die European Union Vulnerability Database (EUVD). Das Programm wurde von der Europäischen Agentur für Cybersicherheit (ENISA) zur Umsetzung der EU-Cybersicherheitsrichtlinie NIS2 eingerichtet.Hier stellt sich die Frage: Warum braucht es ein…
-
CISA adds the notorious TeleMessage flaw to KEV list
by
in SecurityNewsGovernment officials are especially vulnerable: “This vulnerability was most likely added to the KEV list due to the reported use of TeleMessage by government officials,” Thomas Richards, infrastructure security practice director at Black Duck, told CSO in a comment.TM SGNL first made headlines in March, when senior administration officials faced backlash after Waltz mistakenly added…
-
Orca Security Gets AI-Powered Remediation From Opus Deal
by
in SecurityNewsThe acquisition will enhance Orca’s CNAPP offering with autonomous vulnerability remediation and prevention technologies from Opus. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/orca-security-ai-powered-remediation-opus
-
Strengthening Cloud Security: API Posture Governance, Threat Detection, and Attack Chain Visibility with Salt Security and Wiz
by
in SecurityNews
Tags: api, attack, authentication, best-practice, cloud, compliance, data, detection, exploit, google, governance, incident response, malicious, risk, risk-assessment, threat, tool, vulnerabilityIntroduction In the current cloud-centric environment, strong API security is essential. Google’s acquisition of Wiz underscores the urgent necessity for all-encompassing cloud security solutions. Organizations should focus on both governing API posture, ensuring secure configuration and deployment to reduce vulnerabilities and assure compliance, and on effective threat detection and response. Salt Security’s API Protection Platform…
-
EU Schwachstellen-Datenbank funktional
by
in SecurityNews
Tags: vulnerabilityDie im Juni 2024 (im Rahmen eines Mandats der EU-Richtlinie für Netz- und Informationssicherheit 2) angekündigte Europäische Datenbank für Schwachstellen (European Vulnerability Database, EUVD) ist seit Dienstag, den 13. Mai 2025 voll einsatzfähig. Es handelt sich um eine optimierte Plattform, … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/14/eu-schwachstellen-datenbank-funktional/
-
ENISA Launches European Vulnerability Database to Bolster EU Cyber Resilience
by
in SecurityNewsThe European Union Agency for Cybersecurity (ENISA) has unveiled the European Vulnerability Database (EUVD), a strategic move designed to enhance digital security across the bloc and reduce reliance on U.S.-centric cybersecurity infrastructure. The EUVD, now live for consultation, aggregates vulnerability data from a wide range of sources, including national Computer Security Incident Response Teams (CSIRTs),…
-
Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team
by
in SecurityNews
Tags: access, attack, breach, cloud, cyberattack, data, data-breach, exploit, infrastructure, training, vulnerabilityOrganizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon’s recently released 2025 Data Breach Investigations Report found an 18% YoY increase in confirmed breaches, with the exploitation of vulnerabilities as an initial access step growing by 34%. As attacks rise First seen on thehackernews.com Jump to…
-
INE Security Alert: Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense
by
in SecurityNewsCary, North Carolina, 14th May 2025, CyberNewsWire First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/ine-security-alert-continuous-cve-practice-closes-critical-gap-between-vulnerability-alerts-and-effective-defense/
-
Microsoft Patches 78 Security Issues, 5 Active Zero-Day Exploits
by
in SecurityNewsIn its May 2025 security update, Microsoft has rolled out patches for 78 vulnerabilities spanning its product ecosystem. Most notably, five of these flaws (a.k.a. zero-day exploits) have already been exploited in the wild. May 2025 Patch Tuesday: 78 Vulnerabilities… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/microsoft-patches-78-vulnerabilities-five-zero-day-exploits/
-
INE Security Alert: Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense
by
in SecurityNewsCary, North Carolina, 14th May 2025, CyberNewsWire First seen on hackread.com Jump to article: hackread.com/ine-security-alert-continuous-cve-practice-closes-critical-gap-between-vulnerability-alerts-and-effective-defense/
-
Microsoft Alerts on AD CS Flaw Enabling Remote DenialService Attacks
by
in SecurityNewsMicrosoft has issued a security advisory for a newly identified vulnerability in Active Directory Certificate Services (AD CS), tracked as CVE-2025-29968, which could allow authenticated attackers to disrupt critical certificate management operations over a network. Rated Important with a CVSS v3.1 score of 6.5, the flaw stems from improper input validation (CWE-20) and enables denial-of-service…
-
Fortinet fixed actively exploited FortiVoice zero-day
by
in SecurityNewsFortinet fixed a critical remote code execution zero-day vulnerability actively exploited in attacks targeting FortiVoice enterprise phone systems. Fortinet released security updates to address a critical remote code execution zero-day, tracked as CVE-2025-32756, that was exploited in attacks targeting FortiVoice enterprise phone systems. The vulnerability is a stack-based overflow issue that impacts in FortiVoice, FortiMail, FortiNDR,…
-
Chinese Hackers Exploit SAP NetWeaver Zero-Day Vulnerability to Target Critical Infrastructure
by
in SecurityNews
Tags: china, cve, cyber, espionage, exploit, flaw, hacker, infrastructure, remote-code-execution, sap, threat, vulnerability, zero-dayEclecticIQ analysts have uncovered a sophisticated cyber-espionage campaign orchestrated by China-nexus nation-state Advanced Persistent Threats (APTs) targeting critical infrastructure worldwide. In April 2025, these threat actors launched a high-tempo exploitation campaign against SAP NetWeaver Visual Composer, exploiting a zero-day vulnerability identified as CVE-2025-31324. This unauthenticated file upload flaw allows remote code execution (RCE), providing attackers…
-
Windows CLFS Zero-Day Vulnerability Actively Exploited in the Wild
by
in SecurityNewsMicrosoft has disclosed two critical security vulnerabilities in the Windows Common Log File System (CLFS) Driver that are currently being exploited in the wild. Released on May 13, 2025, the vulnerabilities-identified as CVE-2025-32706 and CVE-2025-32701-both allow local privilege escalation and have been classified as >>Important
-
Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server
by
in SecurityNewsMicrosoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild.Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity.…
-
Windows Ancillary for WinSock 0-Day Vulnerability Actively Exploited to Gain Admin Access
by
in SecurityNewsMicrosoft has confirmed active exploitation of a critical privilege escalation vulnerability in the Windows Ancillary Function Driver for WinSock, tracked as CVE-2025-32709. This use-after-free flaw enables local attackers with basic user privileges to gain SYSTEM-level access, posing significant risks to unpatched systems. First publicly documented on 13 May 2025, the vulnerability carries a base score…
-
New Windows RDP Vulnerability Enables Network-Based Attacks
by
in SecurityNewsMicrosoft has disclosed two critical vulnerabilities in its Windows Remote Desktop services that could allow attackers to execute arbitrary code on vulnerable systems over a network. Designated CVE-2025-29966 and CVE-2025-29967, these heap-based buffer overflow flaws affect the Windows Remote Desktop Protocol (RDP) and Remote Desktop Gateway (RD Gateway) service, respectively. Both vulnerabilities carry a CVSS…
-
Jetzt patchen: Gefährliche Windows-Lücken werden aktiv ausgenutzt
by
in SecurityNewsMicrosoft warnt vor fünf Zero-Day-Lücken in Windows. Hinzu kommen weitere gefährliche Schwachstellen, die eine Schadcodeausführung ermöglichen. First seen on golem.de Jump to article: www.golem.de/news/jetzt-patchen-gefaehrliche-windows-luecken-werden-aktiv-ausgenutzt-2505-196178.html